Addressed to: [EMAIL PROTECTED]
John" <[EMAIL PROTECTED]>
** Reply to note from "Airey, John" <[EMAIL PROTECTED]> Wed, 14 Jun 2000 14:23:15
+0100
>
> Slightly longer answer. The process is owned by root. The httpd
> binary switches to another user on start-up, after reading SSL
> Certificates etc. This user owns all the child processes.
>
> I believe there are security issues in being able to change the
> ownership of a process already started.
I don't think it is so much a problem with dropping root in an already
started process, as it is needing to keep a process around that can
re-read the config files, and manage the other processes, say if you
send a kill -HUP (apachectl restart) or kill -USR1 (apachectl
graceful) to apache.
The root process never serves a web page, it is there as a target for
rereading the configuration, and managment of the child processes that
do serve pages.
I think if there is a security issue, it would be with trying to regain
root to reread the config files when needed.
Rick Widmer
http://www.developersdesk.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
