From owner-freebsd-questions Sun Dec 30 17: 2:33 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail2.kcnet.com (mail2.kcnet.com [216.90.72.3]) by hub.freebsd.org (Postfix) with ESMTP id 5D01037B419 for ; Sun, 30 Dec 2001 17:02:18 -0800 (PST) Received: from monk.kcnet.com (arc6x12.kcnet.com [216.90.75.12]) by mail2.kcnet.com (8.12.1/8.12.1) with ESMTP id fBV128ej016125 for ; Sun, 30 Dec 2001 19:02:10 -0600 Received: from miles.kcnet.com (miles.kcnet.com [192.168.1.4]) by monk.kcnet.com (Postfix) with ESMTP id 390498D46 for ; Sun, 30 Dec 2001 18:59:42 -0600 (CST) Received: by miles.kcnet.com (Postfix, from userid 500) id 8A1DB6B3CC; Sun, 30 Dec 2001 18:53:52 -0600 (CST) Date: Sun, 30 Dec 2001 18:53:52 -0600 From: Jeff Muse To: freebsd-questions@FreeBSD.ORG Subject: Re: Getting Apache to run as user www only Message-ID: <20011230185352.A11635@miles.kcnet.com> Mail-Followup-To: freebsd-questions@FreeBSD.ORG References: <1009759250.60bc5ff9tdrake@myrealbox.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <1009759250.60bc5ff9tdrake@myrealbox.com>; from tdrake@myrealbox.com on Sun, Dec 30, 2001 at 06:40:50PM -0600 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, Dec 30, 2001 at 06:40:50PM -0600, Troy wrote: > Hi all, > I've been running Apache for quite a while, but I'm trying to secure my system and keep as many things from running as root as possible. I have the Apache config set to the default www as the user to run under, but the initial httpd process runs as root. Is there a way to get all the httpd processes to run as www? I don't think so - and if there is, you probably don't want to. You have to be root to bind to ports 1023 and below. If all the processes ran as www, you wouldn't be able to bind to port 80. Jeff -- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message