This article shows how to start Apache as an ordinary (non-root) user.
Goal:
Apache is built by an ordinary user, and that same user must be able to start it listening on a port below 1024.
1. Assume the ordinary user is sims20. This user compiles and installs Apache under /opt/aspire/product/sims20/apache
    ./configure --prefix=/opt/aspire/product/sims20/apache --enable-so --enable-modules=all --enable-mods-shared=all --enable-mods-shared='proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_rewrite'
    make
    make install
2. After the build completes, set the listening port in httpd.conf to 80
3. Start it directly as the ordinary user sims20
    [sims20@bcd-app01 bin]$ ./apachectl start
    (13)Permission denied: make_sock: could not bind to address [::]:80
    (13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
    no listening sockets available, shutting down
    Unable to open logs
Cause of the error: on Linux, an ordinary user can only use ports above 1024; ports below 1024 can only be used by root.
4. Use setuid to work around this, so that httpd runs with root privileges
Log in as root, change to /opt/aspire/product/sims20/apache/bin, then run chown root httpd and chmod u+s httpd to make root the owner of httpd and set the setuid bit on it
    [root@bcd-app01 bin]# ls -l httpd
    -rwxr-xr-x 1 sims20 aspire 3517470 3月 15 17:12 httpd
    [root@bcd-app01 bin]# chown root httpd
    [root@bcd-app01 bin]# ls -l httpd
    -rwxr-xr-x 1 root aspire 3517470 3月 15 17:12 httpd
    [root@bcd-app01 bin]# chmod u+s httpd
    [root@bcd-app01 bin]# ls -l httpd
    -rwsr-xr-x 1 root aspire 3517470 3月 15 17:12 httpd
5. Switch back to the ordinary user sims20 and start Apache
    [sims20@bcd-app01 bin]$ ./apachectl start
It starts normally, with no errors.
6. Try accessing it
    [sims20@bcd-app01 bin]$ curl http://10.24.12.159:80
    403 Forbidden
    Forbidden
    You don't have permission to access / on this server.
It returns a 403 Forbidden error.
7. Look at the processes
    [sims20@bcd-app01 bin]$ ps -ef |grep httpd
    root 7841 1 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
    daemon 7844 7841 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
    daemon 7845 7841 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
    daemon 7846 7841 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
    daemon 7847 7841 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
    daemon 7848 7841 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
    sims20 8006 3026 0 17:29 pts/4 00:00:00 grep httpd
Where did the daemon user come from? The httpd main process still runs with root privileges, while its child processes run as a lower-privileged user, and that lower-privileged user, daemon, is configured in httpd.conf.
8. In httpd.conf, change the user to root
    User daemon
    Group daemon
Change it to:
    User root
    Group root
9. Start Apache again as the ordinary user
    [sims20@bcd-app01 bin]$ ./apachectl restart
    Syntax error on line 76 of /opt/aspire/product/sims20/apache/conf/httpd.conf:
    Error:\tApache has not been designed to serve pages while\n\trunning as root. There are known race conditions that\n\twill allow any local user to read any file on the system.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is strongly suggested that you instead modify the User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n
That does not work; it would require recompiling with the extra flag.
10. Edit httpd.conf once more, this time setting the user to the ordinary user
Change it to:
    User sims20
    Group aspire
11. Start Apache again as the ordinary user sims20
    [sims20@bcd-app01 bin]$ ./apachectl start
    [sims20@bcd-app01 bin]$ ps -ef |grep httpd
    root 9720 1 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
    sims20 9721 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
    sims20 9722 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
    sims20 9723 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
    sims20 9724 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
    sims20 9725 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
    sims20 9739 3026 0 18:09 pts/4 00:00:00 grep httpd
12. Try accessing it
    [sims20@bcd-app01 bin]$ curl http://10.248.12.159:80
    It works!
Success.
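The check done by eye in steps 7 and 11 can be scripted. The following is an added example, not part of the original article: it reads `ps -ef` output and confirms that only the httpd parent keeps root while every worker runs as the account named by the User directive. The function name `check_privdrop` and the sample lines (constructed, modelled on the step 11 listing) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): confirm that a setuid-root
# httpd drops privileges for its workers, judging from `ps -ef` output.

# Constructed sample input, modelled on the listing in step 11.
SAMPLE_PS='root 9720 1 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20 9721 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20 9722 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20 9739 3026 0 18:09 pts/4 00:00:00 grep httpd'

# check_privdrop EXPECTED_USER   (hypothetical helper; ps -ef lines on stdin)
# Prints exactly one verdict word:
#   ok            a parent exists and every worker runs as EXPECTED_USER
#   worker-root   at least one worker still runs as root
#   worker-other  a worker runs as some account other than EXPECTED_USER
#   no-httpd      no httpd process was found in the input
check_privdrop() {
    awk -v want="$1" '
        # Column 8 of ps -ef is the command; keep only real httpd processes
        # (this skips the "grep httpd" line). Index by PID.
        $8 ~ /\/httpd$/ { user[$2] = $1; ppid[$2] = $3 }
        END {
            verdict = "no-httpd"
            for (p in user) {
                # A process whose parent is not httpd is a control process.
                if (!(ppid[p] in user)) {
                    if (verdict == "no-httpd") verdict = "ok"
                    continue
                }
                # Everything else is a worker forked by an httpd parent.
                if (user[p] == "root") { verdict = "worker-root"; break }
                if (user[p] != want) verdict = "worker-other"
            }
            print verdict
        }'
}

# Example use against the live system (expected account is an assumption):
#   ps -ef | check_privdrop sims20
```

Run against the step 7 listing with `sims20` as the expected account, the function prints `worker-other`, because those workers run as daemon.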