Checking which user runs the Apache server


1
[email protected]:/var/www# ps aux | egrep '(apache|httpd)'
root      1086  0.0  0.3  88480  3160 ?        Ss   Mar08   0:09 /usr/sbin/apache2 -k start
www-data  1089  0.0  0.8 445500  8840 ?        Sl   Mar08   0:56 /usr/sbin/apache2 -k start
www-data  1090  0.0  0.8 445564  8832 ?        Sl   Mar08   0:56 /usr/sbin/apache2 -k start
root     12072  0.0  0.0   8160   932 pts/0    S+   19:20   0:00 egrep --color=auto (apache|httpd)

Can someone please explain the apache process 1086 running as root? Is this a security problem?

2

No, this is normal. On Debian-based systems, apache2 is started as root. It then forks off and runs under an unprivileged user (typically www-data). The actual work is done by these processes.

Only a privileged process can bind to ports below 1024. So, at least for binding to the default 80 and 443 ports, it will have to run as root.

And, among other things, the original process reads SSL certificate private keys, which are typically only read by root. From /usr/share/doc/apache2/README.Debian.gz:

The SSL key file should only be readable by root; the certificate file may be
globally readable. These files are read by the Apache parent process which runs
as root, and it is therefore not necessary to make the files readable by the
www-data user.

So, this is documented behaviour.


1

No. Apache is always started as "root" and it then uses "setuid" to spawn children that do the actual processing of requests as the apache user.

If you want to create a listening socket on a privileged port (so one below port 1024) you must do that as root (or to be more precise: with user ID 0). Ports 80 and 443 (for SSL).

So ... if you do not trust Apache to bind to a socket you should not run a webserver on your server.

See for instance http://www.thegeekstuff.com/2011/03/apache-hardening/
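Both answers describe the same expected shape: one parent process running as root (it binds ports 80/443 and reads the private key), and every worker running as an unprivileged account such as www-data. The script below is an added example, not code from the question or either answer, that audits exactly that on a Debian-style host and also checks that the SSL key file is not group- or world-readable, as README.Debian recommends. The `ps` samples in it are constructed, not captured from a real server; the expected worker account (www-data) and the `apache2`/`httpd` process names are assumptions matching the answers above.

```shell
#!/bin/sh
# Added example: audit Apache privilege separation.
# Parent (no Apache parent of its own) should be root; every child should be www-data.

# Constructed samples in `ps -eo user,pid,ppid,comm` layout (not real ps output).
SAMPLE_OK='root 1086 1 apache2
www-data 1089 1086 apache2
www-data 1090 1086 apache2'

# Same tree, but one worker (1090) wrongly running as root.
SAMPLE_BAD='root 1086 1 apache2
www-data 1089 1086 apache2
root 1090 1086 apache2'

# check_apache_tree [expected_worker_user]
# Reads ps lines on stdin. Prints every process that breaks the expected
# parent=root / worker=unprivileged pattern. Exit 0 if clean, 1 otherwise.
check_apache_tree() {
    expected_user="${1:-www-data}"   # assumed Debian default
    awk -v want="$expected_user" '
        $4 ~ /^(apache2|httpd)$/ { user[$2] = $1; ppid[$2] = $3; pids[n++] = $2 }
        END {
            bad = 0
            for (i = 0; i < n; i++) {
                p = pids[i]
                if (!(ppid[p] in user)) {
                    # no Apache parent: this is the listener, expected to be root
                    if (user[p] != "root") {
                        print "parent " p " runs as " user[p] ", expected root"; bad = 1
                    }
                } else if (user[p] != want) {
                    print "worker " p " runs as " user[p] ", expected " want; bad = 1
                }
            }
            exit bad
        }'
}

# check_key_mode /path/to/server.key
# Fails if the key is readable by group or others; only the root parent needs it.
# Uses ls(1) output so it works on both GNU and BSD userlands.
check_key_mode() {
    key="$1"
    mode=$(ls -ld "$key" 2>/dev/null | cut -c1-10)
    [ -n "$mode" ] || { echo "cannot stat $key"; return 1; }
    case "$mode" in
        ????r*|???????r*)   # position 5 = group read, position 8 = other read
            echo "$key is readable by group or others (mode $mode); use 0600 owned by root"
            return 1 ;;
    esac
    return 0
}

# Usage on a live host:
#   ps -eo user,pid,ppid,comm | check_apache_tree www-data
#   check_key_mode /etc/ssl/private/server.key   # path is an assumption
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_OK"  | check_apache_tree && echo "sample OK tree: clean"
    printf '%s\n' "$SAMPLE_BAD" | check_apache_tree || echo "sample BAD tree: violation found"
fi
```

Run the two functions against real `ps -eo user,pid,ppid,comm` output rather than `ps aux`, because the PPID column is what lets the script tell the root parent apart from a worker that has been misconfigured to run as root.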