Re: Win32 Apache service not run as System...
From: cmoon@fas.harvard.eduDate: 07/16/02
- Previous message: Hal Rottenberg: "RE: Win32 Apache service not run as System..."
- In reply to: Catfish: "Win32 Apache service not run as System..."
- Next in thread: owentoby@WellsFargo.COM: "RE: Win32 Apache service not run as System..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 16 Jul 2002 08:39:56 -0400 From: cmoon@fas.harvard.edu To: Catfish <catfish@catfish.homeip.net>
Catfish,
I am running multiple instances of apache on win32 and each has a corresponding
user. It is very straight forward to do. Here are the steps.
1. Create a user account that you want to user for apache. I use %
application_name%_apache so that I can differentiate the seperate apache
instances.
2. Set the NTFS permissions on on the apache directory (I have never needed to
change any of the %system root% permissions to get things to work)
3. Set the service to start as the new user that you created.
4. Restart the service
There is no need to recomplile apache.
I hope that this helps. Feel free to email me with any other questions you
might have
-Chris
-----Original Message-----
From: Catfish [mailto:catfish@catfish.homeip.net]
Sent: Saturday, July 13, 2002 11:20 PM
To: focus-ms@securityfocus.com
Subject: Win32 Apache service not run as System...
I hear a lot of talk, mostly on the *nix side, about not running
daemon/services as root/system accounts if you can avoid it... Is this
doable for Apache 2.x under win32? The current setup sets the server to run
as the SYSTEM account along with all the other services but I would love to
setup a different restricted user with registry/NTFS permissions that would
only allows access to the http root folders and any other required folders
(%systemdir%...etc) but I can't do that with the System user if I want my
system to continue running.
Would doing something like this require recompiling apache? If so I
heard that they are (already have?) planing to code it in a way that would
compile under bcc free tools (I don't have access to vcc++).
If it's such a good idea to run it as a different user why not make that
the default setup?
Thanks for any info.
Quoting Catfish <catfish@catfish.homeip.net>:
> I hear a lot of talk, mostly on the *nix side, about not running
> daemon/services as root/system accounts if you can avoid it... Is this
> doable for Apache 2.x under win32? The current setup sets the server to run
> as the SYSTEM account along with all the other services but I would love to
> setup a different restricted user with registry/NTFS permissions that would
> only allows access to the http root folders and any other required folders
> (%systemdir%...etc) but I can't do that with the System user if I want my
> system to continue running.
> Would doing something like this require recompiling apache? If so I
> heard that they are (already have?) planing to code it in a way that would
> compile under bcc free tools (I don't have access to vcc++).
> If it's such a good idea to run it as a different user why not make
> that
> the default setup?
>
> Thanks for any info.
>
>
- Previous message: Hal Rottenberg: "RE: Win32 Apache service not run as System..."
- In reply to: Catfish: "Win32 Apache service not run as System..."
- Next in thread: owentoby@WellsFargo.COM: "RE: Win32 Apache service not run as System..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
