目標:
(推薦教學:apache)
一般使用者編譯的apache,要在該使用者下啟動1024埠以下的apache埠。
1、假設普通用戶為sims20,用該用戶編譯安裝了一個apache,安裝路徑為/opt/aspire/product/sims20/apache
./configure --prefix=/opt/aspire/product/sims20/apache --enable-so --enable-modules=all --enable-mods-shared=all --enable-mods-shared='proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_rewrite' make make install
2、編譯完成後,設置http.conf的監聽端口為80
3、直接用普通用戶sims20啟動
[sims20@bcd-app01 bin]$ ./apachectl start (13)Permission denied: make_sock: could not bind to address [::]:80 (13)Permission denied: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down Unable to open logs
出錯原因:在linux下,普通用戶只能用1024以上的端口,而1024以內的連接埠只能由root用戶才可以使用
4、利用setuid來解決問題,這樣使用httpd能以root權限運行
用root用戶登錄,進入/opt/aspire/product/ sims20/apache/bin,分別用chown root httpd、chmod u s httpd 設定httpd的屬主為root及特殊權限
[root@bcd-app01 bin]# ls -l httpd -rwxr-xr-x 1 sims20 aspire 3517470 3月 15 17:12 httpd [root@bcd-app01 bin]# chown root httpd [root@bcd-app01 bin]# ls -l httpd -rwxr-xr-x 1 root aspire 3517470 3月 15 17:12 httpd [root@bcd-app01 bin]# chmod u+s httpd [root@bcd-app01 bin]# ls -l httpd -rwsr-xr-x 1 root aspire 3517470 3月 15 17:12 httpd
5、重新進入普通使用者sims20,啟動apache
[sims20@bcd-app01 bin]$ ./apachectl start
可以正常啟動,沒報錯誤
6、試著訪問一下
[sims20@bcd-app01 bin]$ curl http://10.24.12.159:80403 Forbidden Forbidden
You don't have permission to access / on this server.
報403 Forbidden錯誤
7、看一下進程
[sims20@bcd-app01 bin]$ ps -ef |grep httpd root 7841 1 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start daemon 7844 7841 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start daemon 7845 7841 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start daemon 7846 7841 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start daemon 7847 7841 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start daemon 7848 7841 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start sims20 8006 3026 0 17:29 pts/4 00:00:00 grep httpd
怎麼跑出daemon用戶了, 原來httpd主進程仍然以root用戶的權限運行,而它的子進程將以一個較低權限的用戶運行,而這個較低權限用戶daemon 在http.conf中配置
#8 、在http.conf中設定一下,將使用者改成root
User daemon Group daemon
改成
User root Group root
9、再用一般使用者啟動apache
[sims20@bcd-app01 bin]$ ./apachectl restart Syntax error on line 76 of /opt/aspire/product/sims20/apache/conf/httpd.conf: Error:\tApache has not been designed to serve pages while\n\trunning as root. There are known race conditions that\n\twill allow any local user to read any file on the system.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is strongly suggested that you instead modify the User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n
不行的,要重新加參數編譯
10、再修改在http.conf中設定一下,將使用者改成一般使用者吧
改成
User sims20 Group aspire
11、再次用一般使用者sims20啟動apache
[sims20@bcd-app01 bin]$ ./apachectl start [sims20@bcd-app01 bin]$ ps -ef |grep httpd root 9720 1 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start sims20 9721 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start sims20 9722 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start sims20 9723 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start sims20 9724 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start sims20 9725 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start sims20 9739 3026 0 18:09 pts/4 00:00:00 grep httpd
12、試著訪問
[sims20@bcd-app01 bin]$ curl http://10.248.12.159:80It works!
成功了。
以上是apache如何在一般使用者下啟動的詳細內容。更多資訊請關注PHP中文網其他相關文章!
