0

I have set up a webserver using apache with SSL on my ubuntu 12.04. However, when I bootup my webserver, apache starts and runs as root. It runs and occupies port 80, I have to stop it and manually start apache using service apache2 start for it to run as www-data

root       887  0.0  0.3 105692  6576 ?        S    17:18   0:00 /usr/sbin/apache2 -k start

What is the best way to ensure on reboot, it runs with the user www-data

zurik
  • 491
  • 1
  • 8
  • 21

1 Answers1

1

When you want to listen on port 80, apache needs root rights as it is privileged port.

Upon receiving a connection on port 80, apache will spawn a worker process with non-root priviliges to handle the socket over this connection. So you are not exposed to root-exploits if there is a bug in your web application or the apache worker process.

Community
  • 1
  • 1
Dynalon
  • 6,577
  • 10
  • 54
  • 84
  • I am however having problems with that, apache starts and keeps running as root, it does not spawn to run as www-data. My envvars is set to run as www-data however, i have to first kill apache and start again in order for it to run as www-data – zurik Jun 01 '13 at 14:55
  • You env vars are usually ignored in upstart/systemd/init scripts. You have to set the environment variables INSIDE the init script, which is a bad idea if you are using an init script that is shipped by your distro. Re-running /etc/init.d/apache start|stop|reload will actually use your environment vars. I advise not to use env vars, but the apache configuration files to store the config. – Dynalon Jun 01 '13 at 14:57