Professional Web Applications Themes

Installing Apache - best practice? - Linux Setup, Configuration & Administration

Hey all, Just curious on your thoughts.. Is it better for me to run apache as Redhat installs it? Or is it best to download the software and create a user account for it? Any security implications of either method? Right now I just downloaded the software and started it up as root. ps shows it running as nobody. Currently just for testing but before I make it available I want to make it as secure as possible. Thanks -- ---- ca "Thanks to the remote control I have the attention span of a gerbil!" "There are 10 types of ...

  1. #1

    Default Installing Apache - best practice?


    Hey all,

    Just curious on your thoughts.. Is it better for me to run apache as
    Redhat installs it? Or is it best to download the software and create a
    user account for it? Any security implications of either method?

    Right now I just downloaded the software and started it up as root. ps
    shows it running as nobody. Currently just for testing but before I make
    it available I want to make it as secure as possible.

    Thanks

    --
    ----
    ca
    "Thanks to the remote control I have the attention span of a gerbil!"
    "There are 10 types of people in the world. Those who understand binary,
    and those who don't."


    Dave Guest

  2. #2

    Default Re: Installing Apache - best practice?

    Dave Best <ca> wrote: 

    If you want apache to run on port 80 he have to start as root, then he
    switch to "nobody", so there is no reason or way to run it on a different
    user account unless you run it on port > 1024.

    Davide
    Davide Guest

  3. #3

    Default Re: Installing Apache - best practice?

    Dave Best wrote:
     

    Apache integrates things into their environment, putting things in /var,
    setting uup config files in /etc/httpd, creating an apache user, etc.
    Also, when security or performance updates happen, the RPM tools will
    find and replace all the old binaries and widgets more gracefully than
    having to delete and re-install by hand: it makes upgrading and
    downgrading a lot less painful, like any other decent package manager.
    The RPM's also separate the quite large manual and the development kit
    into separate packages, so you don't have to install them if you don't
    want them.

    Unless you absolutely need the latest version, I'd stick with a more
    stable and tested RPM release for your OS version.

    Nico Guest

  4. #4

    Default Re: Installing Apache - best practice?

    On Fri, 03 Oct 2003 08:22:04 -0400, Nico Kadel-Garcia
    <net> wrote:
     
    >
    >Apache integrates things into their environment, putting things in /var,
    >setting uup config files in /etc/httpd, creating an apache user, etc.
    >Also, when security or performance updates happen, the RPM tools will
    >find and replace all the old binaries and widgets more gracefully than
    >having to delete and re-install by hand: it makes upgrading and
    >downgrading a lot less painful, like any other decent package manager.
    >The RPM's also separate the quite large manual and the development kit
    >into separate packages, so you don't have to install them if you don't
    >want them.
    >
    >Unless you absolutely need the latest version, I'd stick with a more
    >stable and tested RPM release for your OS version.[/ref]


    That's how it should work in theory.. Redhat is really terrible about
    getting updates out the door - up2date is a serious misnomer.

    You may as well install the 'stock' configuration, it will simplify
    your life when it comes time to upgrade/troubleshoot what you've got.
    All the docs etc. will assume you've got a standard configuration, and
    you'll waste a fair bit of time working out where the heck RH put
    everything.

    Apache is really a spectacular example of that - it took me half an
    hour just to figure out where the httpd bin file was when I tried to
    go from 2.0.40 to 2.0.47! RH is still calling 2.0.40 the latest, btw
    - and there's a TON of fixes in between 40 and 47...

    Mike-

    Mornings: Evolution in action. Only the grumpy will survive.
    -----------------------------------------------------

    Please note - Due to the intense volume of spam, we have
    installed site-wide spam filters at catherders.com. If
    email from you bounces, try non-HTML, non-encoded,
    non-attachments.


    ----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
    ---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---
    Michael Guest

  5. #5

    Default Re: Installing Apache - best practice?

    Michael W. e wrote:
     
    >>
    >>Apache integrates things into their environment, putting things in /var,
    >>setting uup config files in /etc/httpd, creating an apache user, etc.
    >>Also, when security or performance updates happen, the RPM tools will
    >>find and replace all the old binaries and widgets more gracefully than
    >>having to delete and re-install by hand: it makes upgrading and
    >>downgrading a lot less painful, like any other decent package manager.
    >>The RPM's also separate the quite large manual and the development kit
    >>into separate packages, so you don't have to install them if you don't
    >>want them.
    >>
    >>Unless you absolutely need the latest version, I'd stick with a more
    >>stable and tested RPM release for your OS version.[/ref]
    >
    >
    >
    > That's how it should work in theory.. Redhat is really terrible about
    > getting updates out the door - up2date is a serious misnomer.[/ref]

    They're good about security updates, and the bleeding edge stuff is
    usally over in the "rawhide" repositories. The problem with bleeding
    edge software is that it isn't stable, and they move things around. It
    may not interoperate correctly with old setups, and they have to be
    repaired by hand: this was a serious issue with OpenSSH when they added
    the PrivSep stuff.
     

    They don't call it "the latest". It's their latest release, which means
    it's been at least nominally tested. There are a lot of interactions
    between Apache, perl modules, mod_* packages, etc. and updating
    willy-nilly to different releases is asking to break your production
    website.

    It's necessary sometimes, and I'm someone who beta tests a lot of new
    packages out of rawhide so that the blood from the bleeding edge
    software comes from my scarred hide rather than my users. But it's a
    risk you need to be aware of. (Ask about the ACPI kernel patches
    sometime....)

    Nico Guest

  6. #6

    Default Re: Installing Apache - best practice?

    On Sat, 04 Oct 2003 10:14:04 -0400, Nico Kadel-Garcia
    <net> wrote:

    [snipped]
     
    >
    >They're good about security updates, and the bleeding edge stuff is
    >usally over in the "rawhide" repositories. The problem with bleeding
    >edge software is that it isn't stable, and they move things around. It
    >may not interoperate correctly with old setups, and they have to be
    >repaired by hand: this was a serious issue with OpenSSH when they added
    >the PrivSep stuff.[/ref]

    Quite true - but the OP asked about Apache, not SSH.
     
    >
    >They don't call it "the latest". It's their latest release, which means
    >it's been at least nominally tested. There are a lot of interactions
    >between Apache, perl modules, mod_* packages, etc. and updating
    >willy-nilly to different releases is asking to break your production
    >website.[/ref]

    You need to read the changelog for Apache... I'm a lot more
    concerned with running some of the security issues in 2.0.40. You're
    absolutely correct about the module problems, btw, especially PHP -
    but you should STILL read the changelog for apache....

     

    I don't think I've ever used rawhide in my life - I tend to go to the
    authors/packages web site, download the code in whatever form, and
    join the mailing list. The only major headache I've ever had is with
    mod_php, because they cannot leave the variable passing conventions
    alone for 2 consecutive revs. They're going to kill that language if
    they don't get their acts together...

    But I digress -

    Mike-

    Mornings: Evolution in action. Only the grumpy will survive.
    -----------------------------------------------------

    Please note - Due to the intense volume of spam, we have
    installed site-wide spam filters at catherders.com. If
    email from you bounces, try non-HTML, non-encoded,
    non-attachments.


    ----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
    ---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---
    Michael Guest

Similar Threads

  1. Installing Apache::NNTPGateway
    By Jon Haugsand in forum PERL Modules
    Replies: 0
    Last Post: March 19th, 09:38 PM
  2. How do Installing Flex on Apache(1.3.x)?
    By yooq in forum Macromedia Flex General Discussion
    Replies: 2
    Last Post: March 15th, 01:24 AM
  3. installing apache connector
    By rottmanja in forum Coldfusion Server Administration
    Replies: 1
    Last Post: September 9th, 06:58 AM
  4. Installing PHP with Apache on Linux
    By Stephane Kerner in forum PHP Development
    Replies: 0
    Last Post: July 25th, 01:19 PM
  5. Installing Apache for Dreamweaver
    By GeoBear in forum Macromedia Dreamweaver
    Replies: 2
    Last Post: July 24th, 01:49 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139