Robert Nowotniak wrote:
But if you still want to drop all root privileges, here is how to do it: Run it on high number port (>1024) <Apache_Port> by a regular user, the same who is specified by User directive in you httpd.conf. Then redirect all traffic from port 80 to <Apache_Port>. With iptables you can do it with: # iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports <Apache_Port>
Correct me, if I'm wrong, please.
Regards,
There is a doc posted recently on IU's security office website detailing the steps to do this:
http://itso.iu.edu/You_Don't_Need_Root_for_That
Cheers!
-Corey -- [email protected] mailing list
