Results 1 to 6 of 6
  1. #1
    Join Date
    Apr 2009
    Location
    inside wht
    Posts
    716

    still apache parent owns root :(

    Hello,

    Why apache parent process still owned by root user.
    =========
    [email protected]:~# ps aux | grep apache2
    root 30161 0.0 0.8 35588 8368 ? Ss 17:41 0:00 /usr/sbin/apache2 -k start
    www-data 30166 0.0 0.7 36080 7196 ? S 17:41 0:00 /usr/sbin/apache2 -k start
    www-data 30167 0.0 0.6 36068 7104 ? S 17:41 0:00 /usr/sbin/apache2 -k start
    www-data 30168 0.0 0.6 35692 6224 ? S 17:41 0:00 /usr/sbin/apache2 -k start
    www-data 30169 0.0 0.5 36080 6104 ? S 17:41 0:00 /usr/sbin/apache2 -k start
    www-data 30170 0.0 0.6 36080 6284 ? S 17:41 0:00 /usr/sbin/apache2 -k start
    www-data 30175 0.0 0.6 35692 6220 ? S 17:42 0:00 /usr/sbin/apache2 -k start
    www-data 30176 0.0 0.6 36128 6956 ? S 17:42 0:00 /usr/sbin/apache2 -k start
    www-data 30177 0.0 0.6 36156 6984 ? S 17:42 0:00 /usr/sbin/apache2 -k start
    =================
    I can see "lighttpd" is not using root user. We can configure lighttpd as a standalone user itself.

    Some syus say it is for binding ports and listening , then why lighttpd don't need root user for doing such stuff .


    Is it really a bug ?

  2. #2
    This is normal, the parent process will be owned by root then spawn the children owned by the user configured in httpd.conf
    Accelerated Hosting - From Constant Internet
    Automatically serving your website from the nearest server
    Get hosted on our global network! America / Europe / Asia

  3. #3
    Join Date
    Jun 2003
    Location
    World Wide Web
    Posts
    581
    the parent process for litespeed httpd will be owned by root.

    check it using the following command

    ps auxf | grep http
    SupportExpertz.com - the name says it all!
    Managed Cloud Servers
    Server Management and Monitoring
    24x7 outsourced customer support

  4. #4
    Join Date
    Apr 2009
    Location
    inside wht
    Posts
    716
    Quote Originally Posted by logicsupport View Post
    the parent process for litespeed httpd will be owned by root.

    check it using the following command
    I mean "Lighttpd" and not "litespeed" . both are different

    See one of my servers using lighttpd
    ========
    $ps aux | grep lighttpd
    www-data 16202 0.0 0.0 5972 1592 ? S 17:37 0:00 /usr/local/lighttpd/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
    ========

    My question is why apache still choosing this method ?

  5. #5
    Join Date
    Mar 2008
    Posts
    1,717
    Quote Originally Posted by vcPanel View Post
    My question is why apache still choosing this method ?
    Because it's the easiest way to maintain things like opening privileged ports without a restart, reading config files and/or certificates, etc.

    It's not really that big of a deal, privileges are dropped for the majority of operations - it's just the "supervisor" process that retains root privileges. "Apache running as root" was really only a ZOMFGbigdeal because you could execute CGI scripts as root as well. I'd personally be willing to bet that all of the network-related code is running with reduced privileges so a remote exploit in Apache doesn't even mean instant root anymore.

    I wouldn't worry about it too much.
    I used to run the oldest commercial Mumble host.

  6. #6
    Join Date
    Jun 2003
    Location
    World Wide Web
    Posts
    581
    Sorry I misread lighttpd as lshttpd. I am aware of the fact that both are different. ..

    Parent process running as root is safe, while it is possible to run a webserver without root privileges.
    SupportExpertz.com - the name says it all!
    Managed Cloud Servers
    Server Management and Monitoring
    24x7 outsourced customer support

Similar Threads

  1. Why my apache is running under root?
    By FrzzMan in forum Hosting Security and Technology
    Replies: 3
    Last Post: 09-13-2004, 06:56 AM
  2. root use 99.9% for apache?
    By WWWhost in forum Hosting Security and Technology
    Replies: 6
    Last Post: 06-30-2004, 08:47 AM
  3. Apache run as root
    By AlexAT in forum Hosting Security and Technology
    Replies: 12
    Last Post: 11-04-2003, 08:18 AM
  4. Apache - root privs
    By dbbrock1 in forum Hosting Security and Technology
    Replies: 7
    Last Post: 05-01-2003, 11:26 AM
  5. Apache running as root!
    By X-TechMedia in forum Hosting Security and Technology
    Replies: 3
    Last Post: 03-11-2003, 11:31 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •