2

I believe I had set everything up correctly when I had built the server (maybe it was a pre-configured LAMP that the VPS host Linode supplied that set things up).

It seems that every Apache process runs under the user nobody, which is what I had intended in the configuration; however, the lower PID (longest running Apache process) is still running under root, and my PHP scripts seem to report the current user as root through asking in phpinfo().

Is this due to the fact root may be spawning Apache, and its children are spawning correctly under the defined nobody user as per its configuration? Do any of the actual pages get processed through that root Apache process or is it just there to be a parent?

I am a little concerned, however have no problem with starting a new Apache with a fresh mind to fix this if it is a little more than a configuration mishap.

Minor extra info edit: It appears $_SERVER['user'] is root even though $_SERVER['apache_run_user'] (similar to that) shows www-data (even though not nobody). I am unsure if this is PHP's fault; maybe I will try editing a root file in PHP and see.

Edit 2: Nope, PHP cannot edit root files. Guess $_SERVER['user'] (and a hacky audit script) is wrong to assume PHP is root then. Still wondering about the Apache process though.

Alexander

1 Answer

4

is this due to the fact root may be spawning Apache, and its children are spawning correctly under the defined nobody user as per its configuration?

Yes.

Do any of the actual pages get processed through that root Apache process or is it just there to be a parent?

No, no pages are processed through the root process and yes, it is only there to be a parent. It needs to be that way for the following reason.

Apache binds to a privileged port (i.e. a port with a low number, up to and including 1023), mostly 80 or 443. You need to be root to bind to a privileged port: that is why they are called 'privileged ports'.

If you check your main sshd process, you'll see that that process too runs as root. Now connect through ssh. Odds are your personal sshd process, forked from the main one, is running under your own, unprivileged account.

wzzrd
  • Thank you, this is one of those things that make a lot of sense instantly once you know the reasoning behind them. Glad I've not exposed any issues on my auditing checklist, yet. – Alexander Jul 05 '11 at 10:34
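
The parent/worker split described in the answer can be turned into an audit check. The script below is an added example, not part of the original thread: it classifies each Apache process as parent or worker from its PPID and flags any worker that runs as root. The process name `apache2`, the function names and the sample process lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check which user each Apache process runs as.
# Input, one process per line: PID PPID USER COMMAND
# On a live host: ps -eo pid=,ppid=,user=,comm= | audit_apache_users apache2
# The name "apache2" is an assumption (Debian/Ubuntu); use "httpd" elsewhere.

audit_apache_users() {
    name="${1:-apache2}"
    awk -v name="$name" '
        $4 == name { user[$1] = $3; parent[$1] = $2 }
        END {
            bad = 0
            for (pid in user) {
                if (parent[pid] in user) {
                    # Worker: forked from another Apache process, serves requests.
                    if (user[pid] == "root") {
                        printf "FINDING worker %s runs as root\n", pid
                        bad = 1
                    } else {
                        printf "OK worker %s runs as %s\n", pid, user[pid]
                    }
                } else {
                    # Parent: binds the privileged port, then only supervises.
                    printf "INFO parent %s runs as %s\n", pid, user[pid]
                }
            }
            exit bad   # non-zero when any worker runs as root
        }'
}

# Constructed sample: the healthy layout from the question.
sample_healthy() {
    printf '%s\n' '1 0 root init' '900 1 root sshd' \
        '1201 1 root apache2' \
        '1340 1201 www-data apache2' '1341 1201 www-data apache2'
}

# Constructed sample: a worker that never dropped privileges.
sample_misconfigured() {
    printf '%s\n' '2200 1 root apache2' \
        '2250 2200 root apache2' '2251 2200 www-data apache2'
}

sample_healthy | audit_apache_users apache2
```

A root-owned parent is reported as informational only; the exit status is non-zero solely when a request-serving worker is still root.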