[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apache graceful as non-root

On Tue, Jan 09, 2001 at 09:38:59AM +0100, Sven Burgener wrote:
> Hello Nate
> > you could i bet if you made apachectl setuid root but if security is
> > an issue i wouldn't reccomend it. to do this do chmod u+s apachectl
> Tried it. Doesn't work; Linux seems to silently drop suid root privilges
> on shell scripts.

Either that's a kernel option or it only applies to world-executable scripts.
On my development system, I've got

-rwsr-xr--    1 root     staff        7043 Aug  2 13:07 /usr/sbin/apachectl

and members of the 'staff' group can mostly use apachectl.  The pidfile
seems to remember who actually created it, so if user bob starts apache, both
he and root can stop/graceful it, but if root starts apache, bob's attempts
to stop/graceful it cause apachectl to complain that apache isn't running
(even though the pid is detected correctly).  It seems that parts of the
script honor suid and others don't, but I haven't dug into it.

Anyhow, it's not a complete solution, but it's a start and (as long as you're
careful about who starts apache initially) it might be enough to get things
working for you.

SGI products are used to create the 'Bugs' that entertain us in theatres
and at home. - SGI job posting
Geek Code 3.1:  GCS d? s+: a- C++ UL++$ P++>+++ L+++>++++ E- W--(++) N+ o+
!K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r y+

Reply to: