目標:
(推薦教程:apache)
普通用戶編譯的apache,要在該用戶下啟動1024端口以下的apache端口。
1、假設普通用戶為sims20,用該用戶編譯 安裝了一個apache,安裝路徑為/opt/aspire/product/sims20/apache
./configure?--prefix=/opt/aspire/product/sims20/apache???--enable-so?--enable-modules=all???--enable-mods-shared=all???--enable-mods-shared='proxy?proxy_ajp?proxy_balancer?proxy_connect?proxy_ftp?proxy_http?proxy_rewrite' make?? make?install
2、編譯完成后,設置http.conf的監聽端口為80
3、直接用普通用戶sims20啟動
??[sims20@bcd-app01?bin]$?./apachectl??start (13)Permission?denied:?make_sock:?could?not?bind?to?address?[::]:80 (13)Permission?denied:?make_sock:?could?not?bind?to?address?0.0.0.0:80 no?listening?sockets?available,?shutting?down Unable?to?open?logs
出錯原因:在linux下,普通用戶只能用1024以上的端口,而1024以內的端口只能由root用戶才可以使用
4、利用setuid來解決問題,這樣使用httpd能以root權限運行
用root用戶登錄,進入/opt/aspire/product/sims20/apache/bin,分別用chown root? httpd、chmod u+s httpd 設置httpd的屬主為root及特殊權限
[root@bcd-app01?bin]#?ls??-l??httpd -rwxr-xr-x?1?sims20?aspire?3517470??3月?15?17:12?httpd [root@bcd-app01?bin]#?chown?root??httpd [root@bcd-app01?bin]#?ls??-l??httpd -rwxr-xr-x?1?root?aspire?3517470??3月?15?17:12?httpd [root@bcd-app01?bin]#?chmod?u+s?httpd [root@bcd-app01?bin]#?ls??-l??httpd -rwsr-xr-x?1?root?aspire?3517470??3月?15?17:12?httpd
5、重新進入普通用戶sims20,啟動apache
[sims20@bcd-app01?bin]$?./apachectl??start
可以正常啟動,沒報錯
6、試著訪問一下
?[sims20@bcd-app01?bin]$?curl??http://10.24.12.159:80 nbsp;HTML?PUBLIC?"-//IETF//DTD?HTML?2.0//EN"> <title>403?Forbidden</title><h1>Forbidden</h1> <p>You?don't?have?permission?to?access?/ on?this?server.</p>
報403 Forbidden錯誤
7、看一下進程
[sims20@bcd-app01?bin]$?ps??-ef?|grep?httpd root??????7841?????1??0?17:24??????????00:00:00?/opt/aspire/product/sims20/apache/bin/httpd?-k?start daemon????7844??7841??0?17:24??????????00:00:00?/opt/aspire/product/sims20/apache/bin/httpd?-k?start daemon????7845??7841??0?17:24??????????00:00:00?/opt/aspire/product/sims20/apache/bin/httpd?-k?start daemon????7846??7841??0?17:24??????????00:00:00?/opt/aspire/product/sims20/apache/bin/httpd?-k?start daemon????7847??7841??0?17:24??????????00:00:00?/opt/aspire/product/sims20/apache/bin/httpd?-k?start daemon????7848??7841??0?17:24??????????00:00:00?/opt/aspire/product/sims20/apache/bin/httpd?-k?start sims20????8006??3026??0?17:29?pts/4????00:00:00?grep?httpd
怎么跑出daemon?用戶了,??原來httpd主進程仍然以root用戶的權限運行,而它的子進程將以一個較低權限的用戶運行 ,而這個較低權限用戶daemon?在http.conf中配置
8、在http.conf中配置一下,將用戶改成root
User?daemon Group?daemon
改成
User?root Group?root
9、再次用普通用戶啟動apache
[sims20@bcd-app01?bin]$?./apachectl??restart Syntax?error?on?line?76?of?/opt/aspire/product/sims20/apache/conf/httpd.conf: Error:tApache?has?not?been?designed?to?serve?pages?whilentrunning?as?root.?? There?are?known?race?conditions?thatntwill?allow?any?local?user?to?read?any?file?on?the?system.ntIf?you?still?desire?to?serve?pages?as?root?thenntadd?-DBIG_SECURITY_HOLE?to?the?CFLAGS?env?variablentand?then?rebuild?the?server.ntIt?is?strongly?suggested?that?you?instead?modify?the?Userntdirective?in?your?httpd.conf?file?to?list?a?non-rootntuser.n
不行的,要重新加參數編譯
10、再次修改在http.conf中配置一下,將用戶改成普通用戶吧
改成
User?sims20 Group?aspire
11、再次用普通用戶sims20啟動apache
[sims20@bcd-app01?bin]$?./apachectl??start [sims20@bcd-app01?bin]$?ps??-ef??|grep??httpd root??????9720?????1??0?18:09??????????00:00:00?/opt/aspire/product/sims20/apache/bin/httpd?-k?start sims20????9721??9720??0?18:09??????????00:00:00?/opt/aspire/product/sims20/apache/bin/httpd?-k?start sims20????9722??9720??0?18:09??????????00:00:00?/opt/aspire/product/sims20/apache/bin/httpd?-k?start sims20????9723??9720??0?18:09??????????00:00:00?/opt/aspire/product/sims20/apache/bin/httpd?-k?start sims20????9724??9720??0?18:09??????????00:00:00?/opt/aspire/product/sims20/apache/bin/httpd?-k?start sims20????9725??9720??0?18:09??????????00:00:00?/opt/aspire/product/sims20/apache/bin/httpd?-k?start sims20????9739??3026??0?18:09?pts/4????00:00:00?grep?httpd
12、試著訪問一下
[sims20@bcd-app01?bin]$?curl??http://10.248.12.159:80 <h1>It?works!</h1>
成功了。
? 版權聲明
文章版權歸作者所有,未經允許請勿轉載。
THE END
喜歡就支持一下吧
