
RHEL - Running HTTP server under a non root account.


    I'm rusty on the technical stuff these days, but we have an issue at a client co. that is causing headaches, as we can't get a straight answer from the supplier.

    They have configured the HTTP server running on RHEL to run as Root. This has always been a no-no for me as it means that anyone compromising the server gains Root access to the box it's running on. The excuse given is that you can't bind privileged ports <1024 to non-root services.

    Back when I was still configuring these things, the Root user would kick off the HTTPd daemon, which would start the HTTP server under its own user ID, bind the ports and then exit, dropping root privileges in the process, leaving the HTTP server to run under its own ID with access to ports 80, 443 etc.

    Has this changed, or am I remembering it wrong after all this time?
    "Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.

    #2
    Yep that's how I remember it too.

    If you run ps -ef, does it show root as the http process owner?

    I seem to remember there is a setting in the HTTP configuration file that sets the user to spawn to...



      #3
      Correct. It still works that way.
      Starts as root then spawns a new load of processes.
      Don't believe it, until you see it!

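An added check, not from this thread, that does what #2 suggests: it reads `ps -eo user,pid,ppid,comm` output and flags any httpd worker process still owned by root. In the model the question describes, only the parent control process (which holds ports 80/443 open) should be root; the workers should run as the account named by the User/Group directives in httpd.conf. The ps output below is constructed and the function name is my own.

```shell
#!/bin/sh
# Constructed sample of `ps -eo user,pid,ppid,comm` on a correctly configured box:
# root parent, workers running as the unprivileged "apache" account.
SAMPLE_OK='USER       PID  PPID COMMAND
root      1201     1 httpd
apache    1202  1201 httpd
apache    1203  1201 httpd
apache    1204  1201 httpd'

# Constructed sample of the misconfiguration discussed in the thread:
# every worker is still root, so a compromised worker is a root compromise.
SAMPLE_BAD='USER       PID  PPID COMMAND
root      1201     1 httpd
root      1202  1201 httpd
root      1203  1201 httpd'

# httpd_workers_as_root: reads ps output on stdin. An httpd process whose
# parent is itself an httpd process is a worker; the one whose parent is not
# httpd is the control process and is expected to be root. Prints the PID of
# each worker owned by root. Exit status 0 = all workers unprivileged,
# 1 = at least one worker runs as root.
httpd_workers_as_root() {
    awk '
        $1 == "USER"  { next }   # skip the header line
        $4 != "httpd" { next }   # only look at httpd processes
        {
            n++
            user[n] = $1; pid[n] = $2; ppid[n] = $3
            is_httpd[$2] = 1     # remember every httpd PID
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                # worker (parent is an httpd PID) still owned by root
                if ((ppid[i] in is_httpd) && user[i] == "root") {
                    print pid[i]
                    bad = 1
                }
            }
            exit bad
        }
    '
}

# Live use on the RHEL box (assumes procps-style ps):
#   ps -eo user,pid,ppid,comm | httpd_workers_as_root
```

If the check prints PIDs, compare the User and Group directives in httpd.conf against the account the workers actually run as.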