How to run HTTPD as specific user(s) and not by nobody?
The way to run httpd as a different User|Group is to change the user or group directive in the httpd.conf file.
User apache
Group apache
This though would only change the nobody in your output above to apache which I guess isn't what you want.
To have httpd run as a particular user you are going to have to create and manage a configuration file for each of them. The configuration file should specify the User and Group appropriately as well as the port the httpd process should bind to via a Listen directive. Remember only privileged users can bind to ports <1024. You can then start it like so
apachectl -f /path/to/aramis.conf -k start -DSSL
Note other httpd directives e.g. VirtualHost will likely need changing too on a per user basis.
Additionally on EL variants (RHEL, CentOS, Scientific Linux etc.) SELinux is involved. You will have to add the port that each instance will bind to, to the http_port_t group e.g.
semanage port -a -t http_port_t -p tcp 8888
which would allow an httpd instance to bind to port 8888.
If the users will use their home directories to serve files from then you will have to allow it with the httpd_enable_homedirs SELinux boolean
setsebool -P httpd_enable_homedirs on
The above should allow you to configure per user instances of httpd however each user will have to remember which port to use to add to their URLs e.g. for aramis above
http://example.com:8888
This is all very messy. To help your users out you should configure your main httpd to listen on port 80 as usual and act as a reverse proxy to the per user instances. Then when aramis connects to e.g.
http://aramis.example.com
the main server proxies it to aramis's instance.
You're going to have to configure the DNS and possibly other things appropriately too.
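The per-user instance and the reverse proxy described in the answer above, as an added example that is not part of the original answer: a script that generates the per-user directives and the matching virtual host for the main server. The /home paths, the group named after the user, the loopback-only Listen address and the ProxyPass layout are assumptions; module loading and all other directives are left to the site's existing configuration.

```shell
#!/bin/sh
# Added example (not from the answer). Paths, group name, loopback bind and
# proxy layout are assumptions; adjust them to the real system.

check_args() {  # USER PORT: reject anything unsafe to paste into a config
    case $1 in ''|*[!a-z0-9_-]*) echo "bad user name: $1" >&2; return 1;; esac
    case $2 in ''|*[!0-9]*) echo "bad port: $2" >&2; return 1;; esac
    # Ports below 1024 need privilege, so per-user instances stay at 1024+.
    [ "$2" -ge 1024 ] && [ "$2" -le 65535 ] ||
        { echo "port $2 not in 1024-65535" >&2; return 1; }
}

per_user_conf() {  # USER PORT: directives that differ per instance
    check_args "$1" "$2" || return 1
    cat <<EOF
# httpd instance for $1
# SELinux (if enforcing): semanage port -a -t http_port_t -p tcp $2
User $1
Group $1
# Loopback only, so the instance is reachable solely through the main server.
Listen 127.0.0.1:$2
# Own PidFile and log so the instances do not collide with each other.
PidFile /home/$1/httpd/httpd.pid
ErrorLog /home/$1/httpd/error_log
DocumentRoot /home/$1/public_html
EOF
}

proxy_vhost() {  # USER PORT DOMAIN: vhost for the main server on port 80
    check_args "$1" "$2" || return 1
    cat <<EOF
<VirtualHost *:80>
    ServerName $1.$3
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:$2/
    ProxyPassReverse / http://127.0.0.1:$2/
</VirtualHost>
EOF
}

# Demo with the user and port used in the answer.
per_user_conf aramis 8888 && proxy_vhost aramis 8888 example.com
```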
Jiego Cordoviz
Updated on September 18, 2022
Comments
-
Jiego Cordoviz over 1 year
Currently, top shows me that almost all httpd processes are run by nobody. "Almost" because 2 of them are run by root.
How can I make it in such a way that given I have users say: dartagnan, porthos, aramis, athos run httpd each separately as said users?
I'm hoping to see something like this when I run top:
PID USER Command
1234 dartagnan /usr/local/apache/bin/httpd -k start -DSSL
12 porthos /usr/local/apache/bin/httpd -k start -DSSL
342 aramis /usr/local/apache/bin/httpd -k start -DSSL
214 athos /usr/local/apache/bin/httpd -k start -DSSL
============> This is what I currently have and what I DON'T like to see:
PID USER Command
1234 nobody /usr/local/apache/bin/httpd -k start -DSSL
12 nobody /usr/local/apache/bin/httpd -k start -DSSL
342 nobody /usr/local/apache/bin/httpd -k start -DSSL
214 nobody /usr/local/apache/bin/httpd -k start -DSSL
244 root /usr/local/apache/bin/httpd -k start -DSSL
334 root /usr/local/apache/bin/httpd -k start -DSSL
-
Jiego Cordoviz almost 10 years
Thanks! I'll try and test these suggestions and give a followup feedback tomorrow.
-
user9517 almost 10 years
@JiegoCordoviz This is just a framework containing some ideas on how to do it. There will likely be lots of detail to consider. There is likely lots of documentation you need to read and research you need to do.
-
Jiego Cordoviz almost 10 years
Hi, running apachectl doesn't do me any good. I can only run it once since it would say that httpd is already running. Additionally, I had to run it like sh -x apachectl -f /home/aramis/public_html/httpd-aramis.conf -k stop -DSSL this because I can't run it as how you described it. Also, I'm running RHEL 6 and I don't know what it's for but SELinux is disabled so that didn't help me too. Any other ways to do this? Thanks!
-
user9517 almost 10 years
My next help is to say start to learn how to read documentation, log files and error messages so you can figure things out for yourself. Please also reread the second comment above.