Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 20th January 2009, 12:05
Paladinemishakal Paladinemishakal is offline
Junior Member
 
Join Date: Jan 2008
Posts: 12
Thanks: 0
Thanked 1 Time in 1 Post
Default Running Vhosts Under Separate UIDs/GIDs With Apache2 mpm-itk On Debian Etch

Hi All,

I am looking at doing up a site with Apache running as different user. I have google and found the steps to do it (http://www.howtoforge.org/running-vh...on-debian-etch).

I have added the directives into one of my vhost file and restarted Apache (sudo /etc/init.d/apache2 restart). I want to know how do I check if it is working as I wanted it to. I tried using "ps aux" and looking for the apache string but I found all the processes started are running either as root or www-data.

root 2101 0.0 1.4 22724 7268 ? Ss 17:52 0:00 /usr/sbin/apache2 -k start
www-data 2103 0.0 0.4 16248 2332 ? S 17:52 0:00 /usr/sbin/apache2 -k start
root 2104 0.0 0.6 22724 3532 ? S 17:52 0:00 /usr/sbin/apache2 -k start
root 2105 0.0 0.6 22724 3520 ? S 17:52 0:00 /usr/sbin/apache2 -k start
root 2106 0.0 0.6 22724 3520 ? S 17:52 0:00 /usr/sbin/apache2 -k start
root 2107 0.0 0.6 22724 3520 ? S 17:52 0:00 /usr/sbin/apache2 -k start
root 2108 0.0 0.6 22724 3520 ? S 17:52 0:00 /usr/sbin/apache2 -k start

1. Is this the correct behaviour?
2. If the user want to restart or reload apache, how can they do that without root access?

Regards.
Reply With Quote
Sponsored Links
  #2  
Old 21st January 2009, 14:11
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

Quote:
Originally Posted by Paladinemishakal View Post
1. Is this the correct behaviour?
Yes.
You can remove the <IfModule mpm_itk_module> and </IfModule> lines around the AssignUserId line and restart Apache - if you don't get an error, the module is working fine (you can then insert back the lines).

Quote:
Originally Posted by Paladinemishakal View Post
2. If the user want to restart or reload apache, how can they do that without root access?
You'd have to edit the /etc/sudoers with visudo. But please note that it is a security risk if normal users are able to start/stop/restart/reload Apache - what if a user stops Apache, and you notice it only a few days later?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 22nd January 2009, 05:20
Paladinemishakal Paladinemishakal is offline
Junior Member
 
Join Date: Jan 2008
Posts: 12
Thanks: 0
Thanked 1 Time in 1 Post
Thumbs up Problem solved

Thanks for the advice. I also found out from another post in hackthissite.org and email the writer (WhiteAcid) asking how to verify it.

To find out how to check which module is loaded in Apache2, you can do "/usr/sbin/apache2 -M" which will list out a list of the modules that are loaded. From there, look for the mpm_itk_module(static) which mean it is loaded.

Also another way is to write a simple php script -
<?php echo system('whoami'); ?>

Reload the system and access the script from the browser and check the user/group.
Reply With Quote
The Following User Says Thank You to Paladinemishakal For This Useful Post:
falko (22nd January 2009)
  #4  
Old 1st May 2010, 15:13
Nikolay Ulyanitsky Nikolay Ulyanitsky is offline
Junior Member
 
Join Date: May 2010
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Increase Apache Vhost Security With mpm-itk In RHEL/CentOS 5
__________________
http://www.lystor.org.ua
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How To Set Up Software RAID1 On A Running System Debian Etch - Problem jzupancic HOWTO-Related Questions 4 22nd August 2008 14:13
Move /var to new drive on Debian Etch running ISPConfig McMadd Installation/Configuration 1 12th January 2008 18:14
Debian Etch (Debian 4.0) apache2 file needed Dekalb Installation/Configuration 3 2nd June 2007 00:40
Bind Failed christoph2k HOWTO-Related Questions 4 28th April 2007 01:57
e-mail problem!!! Debian 3.1 maroonworks Installation/Configuration 18 6th December 2005 15:42


All times are GMT +2. The time now is 06:09.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.