Try this:
ps -ef | grep httpd
What you should see is something like below:
apache 10423 1125 0 04:02 ? 00:00:00 /usr/sbin/httpd
-DHAVE_ACCESS -D
apache 10424 1125 0 04:02 ? 00:00:00 /usr/sbin/httpd
-DHAVE_ACCESS -D
apache 10425 1125 0 04:02 ? 00:00:00 /usr/sbin/httpd
-DHAVE_ACCESS -D
apache 10426 1125 0 04:02 ? 00:00:00 /usr/sbin/httpd
-DHAVE_ACCESS -D
apache 10427 1125 0 04:02 ? 00:00:00 /usr/sbin/httpd
-DHAVE_ACCESS -D
apache 10428 1125 0 04:02 ? 00:00:00 /usr/sbin/httpd
-DHAVE_ACCESS -D
apache 10429 1125 0 04:02 ? 00:00:00 /usr/sbin/httpd
-DHAVE_ACCESS -D
apache 10430 1125 0 04:02 ? 00:00:00 /usr/sbin/httpd
-DHAVE_ACCESS -D
Now if you see root where apache is that means your httpd server was
started by the root user. You should change that ASAP. As you can see
in my example my httpd server was started by the apache user.
I hope this example helps.
Bottom line is that you can log into your server as root and you dont
have to stop the httpd server if the process or processes are owned by
the apache user.
Wayne
On Fri, 2004-07-09 at 11:42, Michael Sullivan wrote:
> Can you clarify what "_RUN_ the web server" means? My current practice
> is this: The only way I work on my server PC is through ssh from a
> client computer because my server PC doesn't have a monitor hooked up to
> it. Anyway, I log in as root and the very first thing I do is "service
> httpd stop". I go about doing whatever task I have to do in that
> session and then I say, "service httpd start; exit". Are you saying
> that I don't have to have Apache stopped while I'm logged in as root, or
> are you saying I shouldn't stay logged in as root after I issue "service
> httpd start"?
>
>
> > Date: Thu, 8 Jul 2004 17:16:07 -0700 (PDT)
> > From: Alan Horn <ahorn@xxxxxxxxxx>
> > Subject: Re: Working as root while Apache is running; how much a risk?
> > To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
> > Message-ID: <Pine.NEB.4.60.0407081714230.962@xxxxxxxxxxxxxxx>
> > Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
> >
> >
> >
> > On Thu, 8 Jul 2004, Michael Sullivan wrote:
> >
> > > When I first started using Red Hat Linux 8.0 I was reading through
> the
> > > Red Hat Linux Security Guide and it said to always shut down Apache
> when
> > > logged in as root to prevent hackers from coming in through the web
> > > server. I've always done it because the Security Guid said to, but
> > > never really understood why. How would hackers come in through the
> web
> > > server? I realize that they could telnet in, but wouldn't they have
> to
> > > log in as a user? What exactly would happen? Can anyone tell me
> how
> > > this would be accomplished? It's annoying having to stop Apache
> when I
> > > log in to work on the system and then starting it again when I log
> > > out...
> >
> > Um, I've never heard of that restriction. You should never _RUN_ the
> > webserver as root (the same goes for any processes that interact with
> the
> > outside world where at all possible).
> >
> > Perhaps thats where the confusion comes from ?
> >
> > The reason for not running a webserver as root is that any method that
> a
> > hacker uses to compromise that webserver will then have a greater
> level
> > (e.g. root) of access into your system. read and modify any files,
> trash
> > your disks.. etc...
> >
> > Cheers,
> >
> > Al
> >
> >
> >
> >
> > ------------------------------
________________________________________________________________________
Wayne Leutwyler, RHCT
Home Page
Feel the Power of the Penguin!
As long as there is breath in my body,
there will be a Penguin on my Desktop.
Home: 614-336-9668
Work: 614-410-7507
________________________________________________________________________
