still apache parent owns root :(

Portal Home > Knowledgebase > Articles Database > still apache parent owns root :(

Posted by Syslint, 07-15-2009, 08:23 AM
Hello, Why apache parent process still owned by root user. ========= root@server:~# ps aux | grep apache2 root 30161 0.0 0.8 35588 8368 ? Ss 17:41 0:00 /usr/sbin/apache2 -k start www-data 30166 0.0 0.7 36080 7196 ? S 17:41 0:00 /usr/sbin/apache2 -k start www-data 30167 0.0 0.6 36068 7104 ? S 17:41 0:00 /usr/sbin/apache2 -k start www-data 30168 0.0 0.6 35692 6224 ? S 17:41 0:00 /usr/sbin/apache2 -k start www-data 30169 0.0 0.5 36080 6104 ? S 17:41 0:00 /usr/sbin/apache2 -k start www-data 30170 0.0 0.6 36080 6284 ? S 17:41 0:00 /usr/sbin/apache2 -k start www-data 30175 0.0 0.6 35692 6220 ? S 17:42 0:00 /usr/sbin/apache2 -k start www-data 30176 0.0 0.6 36128 6956 ? S 17:42 0:00 /usr/sbin/apache2 -k start www-data 30177 0.0 0.6 36156 6984 ? S 17:42 0:00 /usr/sbin/apache2 -k start ================= I can see "lighttpd" is not using root user. We can configure lighttpd as a standalone user itself. Some syus say it is for binding ports and listening , then why lighttpd don't need root user for doing such stuff . Is it really a bug ?
Posted by CI-Andrew, 07-15-2009, 10:19 AM
This is normal, the parent process will be owned by root then spawn the children owned by the user configured in httpd.conf
Posted by supportexpertz, 07-15-2009, 10:28 AM
the parent process for litespeed httpd will be owned by root. check it using the following command
Posted by Syslint, 07-15-2009, 11:00 AM
I mean "Lighttpd" and not "litespeed" . both are different See one of my servers using lighttpd ======== $ps aux | grep lighttpd www-data 16202 0.0 0.0 5972 1592 ? S 17:37 0:00 /usr/local/lighttpd/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf ======== My question is why apache still choosing this method ?
Posted by fwaggle, 07-15-2009, 11:15 AM
Because it's the easiest way to maintain things like opening privileged ports without a restart, reading config files and/or certificates, etc. It's not really that big of a deal, privileges are dropped for the majority of operations - it's just the "supervisor" process that retains root privileges. "Apache running as root" was really only a ZOMFGbigdeal because you could execute CGI scripts as root as well. I'd personally be willing to bet that all of the network-related code is running with reduced privileges so a remote exploit in Apache doesn't even mean instant root anymore. I wouldn't worry about it too much.
Posted by supportexpertz, 07-15-2009, 11:33 AM
Sorry I misread lighttpd as lshttpd. I am aware of the fact that both are different. .. Parent process running as root is safe, while it is possible to run a webserver without root privileges.

Add to Favourites Print this Article