Yes, that's a good idea.
But nothing being simple, after changing the port numbers in the config
file (and various file protections) I can start Apache as a
non-privileged user and connect to http on the new http port but I can't
connect to https on the new https port.
Does anyone know why the following changes to my config file aren't
enough to allow me to connect to the new https port????
# Port: The port the standalone listens to. For ports < 1023, you will
# need httpd to be run as root initially.
## Port 80
Port 1080
## User nobody
## Group nobody
User pnpayne
Group pnpayne
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
##
<IfDefine SSL>
## Listen 80
## Listen 443
Listen 1080
Listen 10801
</IfDefine>
##
## SSL Virtual Host Context
##
## <VirtualHost _default_:443>
<VirtualHost _default_:10801>
Regards,
Philip Payne
===================
Kirk Benson wrote:
>
> If what Gianni says is true, you could change the config to listen to ports
> >1024 and then run non-root.
>
> cheers
> Kirk
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Gianni Mariani
> > Sent: Monday, May 08, 2000 2:14 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Segmentation fault but even httpd -X == no core dump???
> >
> >
> >
> > Are you starting apache as root and changing the user ID ?
> >
> > If so, you will not get a core file from httpd - or any other process for
> > that
> > matter. It is considered a security weakness to be able to have a user
> > examine a core file from program that was once run as root.
> >
> > I have used a dumb technique that works - I have apache catch all the
> > signals (segv etc) and then call kill(SIGSTOP) on itself. With a bit of
> > gdb'ing it seems to work.
> >
> > The only reason for httpd to run as root as far as I can tell is
> > so that it
> >
> > can bind to port 80 and 443 which are priviledged ports. Other solutions
> > I thought about was to patch the kernel and specifically allow 80 and 443
> > binding by non-priviledged users or to patch apache and use file
> > descriptor
> >
> > passing (either by exec or ipc messages) and have a program that program
> > run as root.
> >
> > Anyhow, it sux.
> >
> > Philip Payne wrote:
> >
> > > Hi,
> > >
> > > Does anyone have any suggestions on what else I can try to get a core
> > > dump to track down a segmentation fault????
> > >
> > > I've tried the various suggestions in the mod_ssl FAQ including:
> > > 1) Setting CoreDumpDirectory to /tmp
> > > 2) Starting Apache as a non-root user (Apache failed to start because
> > > of privilege problems).
> > > 3) Running the child servers as root (Apache refused to start for
> > > security reasons).
> > > 4) Starting Apache in single-process mode using httpd -X .
> > > but the segmentation fault fails to produce a core dump.
> > >
> > > I'm using Apache/1.3.11 (Unix) PyApache/4.19 mod_ssl/2.5.1 OpenSSL/0.9.5
> > > on Redhat Linux 6.1.
> > >
> > > I'm running a single Apache server for both non-SSL and SSL access.
> > >
> > > It all works perfectly except that child servers die with (e.g.):
> > > [notice] child pid 3732 exit signal Segmentation fault (11)
> > > under the following conditions which are 100% reproducible:
> > > 1) The child server has been used for at least one SSL access.
> > > 2) The child server receives a non-SSL CGI POST request ==>
> > > segmentation fault.
> > > CGI GET requests don't have this problem.
> > >
... ...
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
