在运维过程中,有时候我们需要以root身份运行apache,之所以管理系统采用root身份运行,是因为有些配置文件或程序必须是root身份才能运行。
如果使用默认的安装选项装好apache之后,如果简单地修改配置文件,会得到如下提示:
Error: Apache has not been designed to serve pages while running as root. There are known race conditions that will allow any local user to read any file on the system. If you still desire to serve pages as root then add -DBIG_SECURITY_HOLE to the EXTRA_CFLAGS line in your src/Configuration file and rebuild the server. It is strongly suggested that you instead modify the User directive in your httpd.conf file to list a non-root user.
解决办法:采用源码方式重新编译安装apache。
1、卸载系统默认安装的apr、apr-util
rpm -e --allmatches --nodeps apr-util
rpm -e --allmatches --nodeps apr
2、安装apr
tar zxvf apr-1.4.6.tar.gz
cd apr-1.4.6
./configure
make
make install
echo "/usr/local/apr/lib" >>/etc/ld.so.conf
ldconfig
2、安装apr-util
tar zxvf apr-util-1.5.1.tar.gz
cd apr-util-1.5.1
./configure --with-apr=/usr/local/apr
make
make install
3、安装pcre
tar zxvf pcre-8.21.tar.gz
cd pcre-8.21
./configure --with-apr=/usr/local/apr
make
make install
4、安装httpd
tar zxvf httpd-2.4.3.tar.gz
cd httpd-2.4.3
修改Apache 源代码,在 include/http_config.h 头部中自行添加如下语句
#ifndef BIG_SECURITY_HOLE
#define BIG_SECURITY_HOLE
#endif
./configure --prefix=/usr/local/httpd --enable-ssl --enable-cgi --enable-mods-shared=allable-ssl --enable-cgi --enable-mods-shared=all --enable-track-vars --enable-rewrite
make
make install
cd /usr/local/httpd/
5、httpd.conf配置
解压源程序安装包之后,修改Apache 源代码,在 src/include/http_config.h 头部中自行添加 如下语句
#ifndef BIG_SECURITY_HOLE
#define BIG_SECURITY_HOLE
#endif
6、编辑httpd.conf
......
User root
Group root
......
7、重启apache
/usr/local/httpd/bin/apachectl start|stop
1249
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
