Apache Startup-Shutdown problem

I am unable to start or stop apache as a different user other than root. I could able to do it when I login as root but when I login as a different user I can't able to start still I am not getting any error message.

The httpd.conf file is having the following specification

User nobody
Group banesh

When I login as banesh i should able to start and stop the apache web server. I have made necessary changes in permission for various directories and files. Actually the owner of apache is Banesh now.

what I observe is the parent process for httpd is not starting when I logged in as banesh.

When a daemon is binding a port under 1024, it needs root priviledge to start/stop. That said, the User and Group you specify in httpd.conf is the user root will switch to after startup.

Hi,

Thanx for ur quick reply. As per ur idea it should switch off automatically so that the user Banesh should able to shutdown or atartup Apache once it is already started by root. Its not doing that... What is exactly the switch to user means? I am confused.

Banesh

Because the root user runs the parent process.

Try to run this:

ps aux | grep httpd

or whatever equivalent to aux that shows the USER.

Thats true , the process is run by root. What I need is it should switch to user Banesh instead of root.

How can I make the parent process to be run by banesh instead of root when there is no chance to start apache from banesh?

How can I make apache to start by either root or by banesh?

Practically you can't. Technically, you can install Apache under /home/banesh then that's possible. You also need to run Apache on high port, not default port 80.

Now that I am wondering why must you start Apache as non-root user?

Maybe you are looking for something like this ->
http://forums.devshed.com/showthrea...23249&forumid=6

If not, go grab a UNIX administration for dummies book.

HI ,

We installed apache on solaris in 2 different machines. In one machine there is no virtual host or anything where as in other one we have virtual hosting.

In one machine we could able to start apache by a non root user. Actually as per the specification earlier the user is nobody and group is banesh in both the machines. The owner and group of all related directories which apache may access are also the same. I don't understand what is the problem? In both the system is running in port 80.

Once again, listen. Ports < 1024 are reserved for user root to bind to. Non-root users can't. As simple as that.
If you run setuid root, that's a different story.

This is a security feature in UNIX. What's more do I have to repeat? Why don't you read the RFC.

I know that the port number must be >1023 than only we can do few operations. But what I am asking , is there any other alternative?

I don't understand the following line in httpd.conf

"If you wish httpd to run as a different user or group, you must run httpd as root initially and it will switch."

So if u feel comfortable than answer me otherwise no problem...

Many thanx

Take a look at this directive -> http://httpd.apache.org/docs/mod/core.html#startservers

Say you put StartServers 5 and User nobody. Then these 5 child processes will be running as nobody. The user of the initial parent process remains root.
That said, whatever User you set doesn't change the user's parent process, and that's for child process.

Let me give another example just so you can understand better. Say you have suEXEC enabled, you can then specify different user within <VirtualHost>. Now say you have 100 vhosts all specifying with different User and Group. Does that mean Apache is running with 100 different users? No.. The child process will be the default User you specify globally in httpd.conf. When executing a CGI script (not mod_php script), the default user will be switched to the particular vhost's user. User root is still running the parent processs, and at all time.

If you try my dns restart thru browser script (URL I provided previously), that's a different story. User root is then giving priviledge to other user to start/stop the deamon.