在运维过程中,有时候我们需要以root身份运行apache,之所以管理系统采用root身份运行,是因为有些配置文件或程序必须是root身份才能运行。
    如果使用默认的安装选项装好apache之后,如果简单地修改配置文件,会得到如下提示:

Error: Apache has not been designed to serve pages while running as root. There are known race conditions that will allow any local user to read any file on the system. If you still desire to serve pages as root then add -DBIG_SECURITY_HOLE to the EXTRA_CFLAGS line in your src/Configuration file and rebuild the server. It is strongly suggested that you instead modify the User directive in your httpd.conf file to list a non-root user.

解决办法:采用源码方式重新编译安装apache。

1、卸载系统默认安装的apr、apr-util
      rpm -e  --allmatches --nodeps apr-util
      rpm -e  --allmatches --nodeps apr

2、安装apr
      tar  zxvf   apr-1.4.6.tar.gz
      cd  apr-1.4.6
      ./configure 
      make
      make install
      echo "/usr/local/apr/lib" >>/etc/ld.so.conf
      ldconfig

2、安装apr-util  
      tar   zxvf  apr-util-1.5.1.tar.gz
      cd  apr-util-1.5.1
      ./configure --with-apr=/usr/local/apr
      make
      make install

3、安装pcre
      tar  zxvf   pcre-8.21.tar.gz
      cd  pcre-8.21
      ./configure --with-apr=/usr/local/apr
      make
      make install

4、安装httpd  
      tar zxvf   httpd-2.4.3.tar.gz
      cd  httpd-2.4.3
      修改Apache 源代码,在 include/http_config.h  头部中自行添加如下语句 
      #ifndef BIG_SECURITY_HOLE 
      #define BIG_SECURITY_HOLE
      #endif

      ./configure --prefix=/usr/local/httpd --enable-ssl --enable-cgi --enable-mods-shared=allable-ssl --enable-cgi --enable-mods-shared=all  --enable-track-vars --enable-rewrite
      make
      make install
      cd    /usr/local/httpd/

5、httpd.conf配置
      解压源程序安装包之后,修改Apache 源代码,在 src/include/http_config.h 头部中自行添加  如下语句

       #ifndef BIG_SECURITY_HOLE
       #define BIG_SECURITY_HOLE
       #endif

6、编辑httpd.conf
       ......
       User root
       Group root
       ......
 
7、重启apache

       /usr/local/httpd/bin/apachectl start|stop