Apache httpd以root身份运行

| 文章字数:539 | 阅读时长:2min
这是一篇更新于 383 天前的文章,其中的信息可能已经有所发展或是发生改变。

Apache httpd以root身份运行

错误方法

本以为修改配置文件中的Usergroup就行了,但是呢重启服务的时候报错了

1
Error:\tApache has not been designed to serve pageswhile\n\trunning as root.  There areknown race conditions that\n\twill allow any local user to read any file on thesystem.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLEto the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is stronglysuggested that you instead modify the User\n\tdirective in your httpd.conf fileto list a non-root\n\tuser.\n

从报错信息来看意思就是:如果要用root用户来跑apache服务,需要添加“-DBIG_SECURITY_HOLE”到CFLAGS环境变量中,然后在重新编译源代码

正确方法

卸载httpd

1
rpm -qa|grep httpd

然后使用rpm -e命令来卸载掉相关的包就行。

下载源码

1
2
3
wget https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.46.tar.gz
wget https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-1.7.0.tar.gz
wget https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-util-1.6.1.tar.gz

解压软件包

1
2
3
tar -zxvf apr-1.7.0.tar.gz
tar -zxvf apr-util-1.6.1.tar.gz
tar -zxvf httpd-2.4.46.tar.gz

编译安装apr

1
2
3
4
5
6
7
8
##编译安装apr
cd apr-1.7.0
./configure --prefix=/usr/local/apr #配置安装目录
make && make install

cd apr-util-1.6.1
./configure --prefix=/usr/local/apr-util/ --with-apr=/usr/local/apr/bin/apr-1-config
make && make install

编译安装httpd

需要下载并编译安装pcre环境,不然会报错

checking for pcre-config… false
configure: error: pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/

1
2
3
4
5
6
wget ftp://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz
tar -zxvf pcre-8.44.tar.gz

cd pcre-8.44
./configure --prefix=/usr/local/pcre/
make && make install

编译安装httpd之前,需要修改/httpd-2.4.46/include/http_config.h,在在文件头添加上

1
2
3
#ifndef BIG_SECURITY_HOLE
#define BIG_SECURITY_HOLE
#endif
1
2
3
4
cd httpd-2.4.46 
./configure --prefix=/usr/local/httpd --enable-ssl --enable-cgi --enable-mods-shared=allable-ssl --enable-cgi --enable-mods-shared=all --enable-track-vars --enable-rewrite --with-apr-util=/usr/local/apr-util/ --with-apr=/usr/local/apr --with-pcre=/usr/local/pcre/

make && make install

修改配置文件重启服务

修改User跟Group和ServerName

1
2
3
4
5
6
vim /usr/local/httpd/conf/httpd.conf

User root
Group root

ServerName 127.0.0.1:80

重启服务

1
/usr/local/httpd/bin/apachectl start

然后浏览器输入127.0.0.1访问看到 It Works则说明成功。

扫码加我微信