* Jose Gutierrez wrote:
> Can anyone tell me razonable reasons because apache must not run as root user?
It's not designed to be run as root. Look for example, how much effort is
taken in suexec to make sure that the sytem won't be compromised. The httpd
itself doesn't care much about such effort (except for the startup code, of
course).
And - an httpd is designed to grant public access to resources. Do you
really want to allow everybody to execute programs on your machine *as
root*?
> i want to configures apache for hosting an unique web (my web) at my
> dedicated server, serving php and perl cgi's. I am mainly warred about
> stability of the system.
Especially the modular concept is dangerous for running as root. Do you
*know* that mod_php and your cgis resp. any of the modules are safe? Nobody
knows, so they're probably not. There are two much possibilities how the
different components may interact.
Finally, I think, you're asking the wrong question. It should be: "Why do I
want the httpd to be run as root?"
HTH, nd
--
"Eine Eieruhr", erkl�rt ihr Hermann, "besteht aus einem Ei. Du nimmst
das Ei und kochst es. Wenn es hart ist, sind f�nf Minuten um. Dann wei�t
du, da� die Zeit vergangen ist."
-- Hannes H�ttner in "Das Blaue vom Himmel"
