首页 > 代码库 > 修改apache的httpd服务为root权限
修改apache的httpd服务为root权限
一、修改配置文件
- 修改配置文件及重启服务
[root@localhost ~]# cd /etc/httpd/conf [root@localhost conf]# vim httpd.conf修改配置文件
将User 和group改为root:
[root@localhost conf]# service httpd restart Stopping httpd: [ OK ] Starting httpd: Syntax error on line 244 of/etc/httpd/conf/httpd.conf: Error:\tApache has not been designed to serve pageswhile\n\trunning as root. There areknown race conditions that\n\twill allow any local user to read any file on thesystem.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLEto the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is stronglysuggested that you instead modify the User\n\tdirective in your httpd.conf fileto list a non-root\n\tuser.\n <span style="color:#ff6666;">[FAILED]</span> [root@localhost conf]#
重启服务出错。Error:\tApache has not been designed to serve pageswhile\n\trunning as root. There areknown race conditions that\n\twill allow any local user to read any file on thesystem.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLEto the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is stronglysuggested that you instead modify the User\n\tdirective in your httpd.conf fileto list a non-root\n\tuser.\n
从报错信息来看意思就是:如果要用root用户来跑apache服务,需要添加“-DBIG_SECURITY_HOLE”到CFLAGS环境变量中,然后在重新编译源代码。
二、下载源码,修改,重新编译
1. 清理环境
[root@localhost software]# rpm -qa |grep apr apr-1.3.9-5.el6_2.x86_64 apr-util-1.3.9-3.el6_0.1.x86_64 apr-util-ldap-1.3.9-3.el6_0.1.x86_64 [root@localhost software]# rpm -e apr error: Failed dependencies: libapr-1.so.0()(64bit) is needed by (installed) apr-util-1.3.9-3.el6_0.1.x86_64 libapr-1.so.0()(64bit) is needed by (installed) httpd-tools-2.2.15-39.el6.centos.x86_64 libapr-1.so.0()(64bit) is needed by (installed) httpd-2.2.15-39.el6.centos.x86_64 [root@localhost software]# rpm -e --nodeps apr【--nodeps表示不要做依赖检查】 [root@localhost software]# rpm -e --nodeps apr-util [root@localhost software]# rpm -qa |grep apr apr-util-ldap-1.3.9-3.el6_0.1.x86_64 [root@localhost software]#
2. 下载源码编译安装
[root@localhost software]# wget http://archive.apache.org/dist/apr/apr-1.4.5.tar.gz [root@localhost software]# wget http://archive.apache.org/dist/apr/apr-util-1.3.12.tar.gz [root@localhost software]# wget http://jaist.dl.sourceforge.net/project/pcre/pcre/8.10/pcre-8.10.zip [root@localhost software]# ls apr-1.4.5.tar.gz apr-util-1.3.12.tar.gz pcre-8.10.zip [root@localhost apr-1.4.5]# ./configure --prefix=/usr/local/apr [root@localhost apr-1.4.5]# make && make install [root@localhost apr-util-1.3.12]# ./configure --prefix=/usr/local/apr-util -with-apr=/usr/local/apr/bin/apr-1-config [root@localhost apr-util-1.3.12]# make && make install [root@localhost pcre-8.10]# ./configure --prefix=/usr/local/pcre [root@localhost pcre-8.10]# make && make install
下载apache并修改源码:
<p>[root@localhost software]# wgethttp://mirrors.hust.edu.cn/apache//httpd/httpd-2.4.10.tar.gz</p><p>[root@localhost software]# tar -xvf httpd-2.4.10.tar.gz </p><span style="color: windowtext;">[root@localhost software]# cd httpd-2.4.10</span>
修改代码include/http_config.h,在文件头添加上#ifndefBIG_SECURITY_HOLE #defineBIG_SECURITY_HOLE #endif重新编译:[root@localhost httpd-2.4.10]# ./configure --prefix=/usr/local/httpd --enable-ssl --enable-cgi --enable-mods-shared=allable-ssl --enable-cgi --enable-mods-shared=all --enable-track-vars --enable-rewrite <strong>--with-apr-util=/usr/local/apr-util/ --with-apr=/usr/local/apr --with-pcre=/usr/local/pcre</strong> [root@localhost httpd-2.4.10]# make && make install
3、修改配置文件重启服务
此时如果启动服务,那对应的User是配置文件中默认的User:deamon或者apache。那么现在修改配置文件:
[root@localhost httpd-2.4.10]# vim /usr/local/httpd/conf/httpd.conf将User和Group改为root.重启服务:[root@localhost httpd-2.4.10]# /usr/local/httpd/bin/apachectl start AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message 则:修改配置文件中的ServerName
修改配置文件中的ServerName为:ServerName localhost:80。重启服务:[root@localhost httpd-2.4.10]# /usr/local/httpd/bin/apachectl start [root@localhost httpd-2.4.10]# ps -ef |grep httpd root 9919 1 0 16:02 ? 00:00:00 /usr/local/httpd/bin/httpd -k start root 9920 9919 0 16:02 ? 00:00:00 /usr/local/httpd/bin/httpd -k start root 9921 9919 0 16:02 ? 00:00:00 /usr/local/httpd/bin/httpd -k start root 9922 9919 0 16:02 ? 00:00:00 /usr/local/httpd/bin/httpd -k start root 10005 12944 0 16:03 pts/2 00:00:00 grep httpd [root@localhost httpd-2.4.10]#如果执行 service httpd restart 出现httpd: unrecognized service错误,则将/usr/local/httpd/bin/apachectl 拷贝到/etc/init.d/httpd即可。至此,修改权限成功。鼓掌^^
补充(安装pcre可能遇到的出错状况):
./libtool: line 990: g++: command not found
make[1]: *** [pcrecpp.lo] Error 1
make[1]: Leaving directory `/root/software/pcre-8.10‘
make: *** [all] Error 2
解决办法:yum install gcc+ gcc-c++- make && make install的时候出错:
libtool: link: unsupported hardcode properties
libtool: link: See the libtool documentation for moreinformation.
libtool: link: Fatal configuration error.
解决方案:在yum install gcc+ gcc-c++后要重新编译./configure下,再make即可。
- httpd unrecognised:http://blog.sina.com.cn/s/blog_701300bc0100nzuu.html
- root身份运行apache: http://www.linuxidc.com/Linux/2013-02/78967.htm
- 编译安装apache遇到的问题:http://xtony.blog.51cto.com/3964396/836508
修改apache的httpd服务为root权限