On Thu, 2004-07-08 at 22:56, Jorge Fábregas wrote: > On Thursday 08 July 2004 8:16 pm, Alan Horn wrote: > > > You should never _RUN_ the webserver as root > > Hi, > > How then you make Apache listen to port 80 (a port below 1024) as another user > other than root? ..since only root may use those ports below 1024. > > Jorge Apache has options in the httpd.conf file that let you specify what user apache should run as. I believe by default that user is apache. In the past or on other OSes I believe they used the nobody user. The main thing is to run it as an unprivileged user so if someone finds an exploit they are limited to the privileges of a non root user. -- Scot L. Harris webid@xxxxxxxxxx Doctors and lawyers must go to school for years and years, often with little sleep and with great sacrifice to their first wives. -- Roy G. Blount, Jr.
