How to run HTTPD as specific user(s) and not by nobody?

The way to run httpd as a different User|Group is to change the user or group directive in the httpd.conf file.

User apache
Group apache

This though would only change the nobody in your output above to apache which I guess isn't what you want.

To have httpd run as a particular user you are going to have to create and manage a configuration file for each of them. The configuration file should specify the User and Group appropriately as well as the port the httpd process should bind to via a Listen directive. Remember, only privileged users can bind to ports <1024. You can then start it like so:

apachectl -f /path/to/aramis.conf -k start -DSSL

Note that other httpd directives, e.g. VirtualHost, will likely need changing too on a per-user basis.

Additionally, on EL variants (RHEL, CentOS, Scientific Linux, etc.) SELinux is involved. You will have to add the port that each instance will bind to, to the http_port_t group, e.g.

semanage port -a -t http_port_t -p tcp 8888

which would allow an httpd instance to bind to port 8888.

If the users will use their home directories to serve files from, then you will have to allow it with the httpd_enable_homedirs SELinux boolean:

setsebool -P httpd_enable_homedirs on

The above should allow you to configure per-user instances of httpd; however, each user will have to remember which port to add to their URLs, e.g. for aramis above

http://example.com:8888

This is all very messy. To help your users out you should configure your main httpd to listen on port 80 as usual and act as a reverse proxy to the per-user instances. Then when aramis connects to e.g.

http://aramis.example.com

the main server proxies it to aramis's instance.

You're going to have to configure the DNS and possibly other things appropriately too.
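
The per-user configuration file and the front-end reverse-proxy vhost described in the answer, sketched as an added example (not code from the original answer). The /home/<user>/httpd layout, a group named after each user, the per-instance PidFile and ErrorLog, and binding each instance to 127.0.0.1 so it is reachable only through the proxy are assumptions of this example; the vhost also needs mod_proxy and mod_proxy_http loaded in the main server.

```shell
#!/bin/sh
# Added example: emit httpd configuration for one per-user instance and the
# matching reverse-proxy vhost. Paths under /home/<user>/httpd are assumptions.

# valid_args USER PORT -> 0 if the user name is plain and the port is unprivileged
valid_args() {
    case "$1" in ''|*[!a-z0-9_-]*) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -ge 1024 ] && [ "$2" -le 65535 ]
}

# instance_conf USER PORT -> per-user config on stdout
instance_conf() {
    valid_args "$1" "$2" || { echo "bad user or port: $1 $2" >&2; return 1; }
    cat <<EOF
# Instance for $1; start with: apachectl -f /home/$1/httpd/httpd.conf -k start
# User/Group only take effect when httpd is started as root
User $1
Group $1
# Loopback only: clients reach this instance through the front-end proxy
Listen 127.0.0.1:$2
# Each instance needs its own PidFile, or apachectl sees another one as "running"
PidFile /home/$1/httpd/run/httpd.pid
ErrorLog /home/$1/httpd/logs/error_log
DocumentRoot /home/$1/public_html
EOF
}

# proxy_vhost USER PORT DOMAIN -> vhost for the main server on port 80
proxy_vhost() {
    valid_args "$1" "$2" || { echo "bad user or port: $1 $2" >&2; return 1; }
    cat <<EOF
<VirtualHost *:80>
    ServerName $1.$3
    ProxyRequests Off
    ProxyPass / http://127.0.0.1:$2/
    ProxyPassReverse / http://127.0.0.1:$2/
</VirtualHost>
EOF
}

# Constructed sample: aramis on port 8888, as in the answer above
instance_conf aramis 8888
proxy_vhost aramis 8888 example.com
```

With SELinux enforcing, the semanage port step above is still required for each port passed to instance_conf.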

Author by

Jiego Cordoviz

Updated on September 18, 2022

Comments

  • Jiego Cordoviz
    Jiego Cordoviz over 1 year

    Currently, top shows me that almost all httpd processes are run by nobody. "Almost" because 2 of them are run by root.

    How can I make it so that, given I have users, say: dartagnan, porthos, aramis, athos, httpd runs separately as each of said users?

    I'm hoping to see something like this when I run top:

    PID  USER      Command
    1234 dartagnan /usr/local/apache/bin/httpd -k start -DSSL
    12   porthos   /usr/local/apache/bin/httpd -k start -DSSL
    342  aramis    /usr/local/apache/bin/httpd -k start -DSSL
    214  athos     /usr/local/apache/bin/httpd -k start -DSSL 
    

    ============> This is what I currently have and what I DON'T like to see:

    PID  USER      Command
    1234 nobody    /usr/local/apache/bin/httpd -k start -DSSL
    12   nobody    /usr/local/apache/bin/httpd -k start -DSSL
    342  nobody    /usr/local/apache/bin/httpd -k start -DSSL
    214  nobody    /usr/local/apache/bin/httpd -k start -DSSL 
    244  root      /usr/local/apache/bin/httpd -k start -DSSL 
    334  root      /usr/local/apache/bin/httpd -k start -DSSL 
    
  • Jiego Cordoviz
    Jiego Cordoviz almost 10 years
    Thanks! I'll try and test these suggestions and give a followup feedback tomorrow.
  • user9517
    user9517 almost 10 years
    @JiegoCordoviz This is just a framework containing some ideas on how to do it. There will likely be lots of detail to consider. There is likely lots of documentation you need to read and research you need to do.
  • Jiego Cordoviz
    Jiego Cordoviz almost 10 years
    Hi, running apachectl doesn't do me any good. I can only run it once since it would say that httpd is already running. Additionally, I had to run it like sh -x apachectl -f /home/aramis/public_html/httpd-aramis.conf -k stop -DSSL because I can't run it as you described it. Also, I'm running RHEL 6 and I don't know what it's for, but SELinux is disabled, so that didn't help me either. Any other ways to do this? Thanks!
  • user9517
    user9517 almost 10 years
    My next help is to say start to learn how to read documentation, log files and error messages so you can figure things out for yourself. Please also reread the second comment above.