修改apache的httpd服务为root权限
一、修改配置文件
- 修改配置文件及重启服务
- [root@localhost ~]# cd /etc/httpd/conf
- [root@localhost conf]# vim httpd.conf修改配置文件
将User 和group改为root:
- [root@localhost conf]# service httpd restart
- Stopping httpd: [ OK ]
- Starting httpd: Syntax error on line 244 of/etc/httpd/conf/httpd.conf:
- Error: Apache has not been designed to serve pageswhile running as root. There areknown race conditions that will allow any local user to read any file on thesystem. If you still desire to serve pages as root then add -DBIG_SECURITY_HOLEto the CFLAGS env variable and then rebuild the server. It is stronglysuggested that you instead modify the User directive in your httpd.conf fileto list a non-root user.
- <span style="color:#ff6666;">[FAILED]</span>
- [root@localhost conf]#
重启服务出错。Error: Apache has not been designed to serve pageswhile running as root. There areknown race conditions that will allow any local user to read any file on thesystem. If you still desire to serve pages as root then add -DBIG_SECURITY_HOLEto the CFLAGS env variable and then rebuild the server. It is stronglysuggested that you instead modify the User directive in your httpd.conf fileto list a non-root user.
从报错信息来看意思就是:如果要用root用户来跑apache服务,需要添加“-DBIG_SECURITY_HOLE”到CFLAGS环境变量中,然后在重新编译源代码。
二、下载源码,修改,重新编译
1. 清理环境
- [root@localhost software]# rpm -qa |grep apr
- apr-1.3.9-5.el6_2.x86_64
- apr-util-1.3.9-3.el6_0.1.x86_64
- apr-util-ldap-1.3.9-3.el6_0.1.x86_64
- [root@localhost software]# rpm -e apr
- error: Failed dependencies:
- libapr-1.so.0()(64bit) is needed by (installed) apr-util-1.3.9-3.el6_0.1.x86_64
- libapr-1.so.0()(64bit) is needed by (installed) httpd-tools-2.2.15-39.el6.centos.x86_64
- libapr-1.so.0()(64bit) is needed by (installed) httpd-2.2.15-39.el6.centos.x86_64
- [root@localhost software]# rpm -e --nodeps apr【--nodeps表示不要做依赖检查】
- [root@localhost software]# rpm -e --nodeps apr-util
- [root@localhost software]# rpm -qa |grep apr
- apr-util-ldap-1.3.9-3.el6_0.1.x86_64
- [root@localhost software]#
2. 下载源码编译安装
- [root@localhost software]# wget http://archive.apache.org/dist/apr/apr-1.4.5.tar.gz
- [root@localhost software]# wget http://archive.apache.org/dist/apr/apr-util-1.3.12.tar.gz
- [root@localhost software]# wget http://jaist.dl.sourceforge.net/project/pcre/pcre/8.10/pcre-8.10.zip
- [root@localhost software]# ls
- apr-1.4.5.tar.gz apr-util-1.3.12.tar.gz pcre-8.10.zip
- [root@localhost apr-1.4.5]# ./configure --prefix=/usr/local/apr
- [root@localhost apr-1.4.5]# make && make install
- [root@localhost apr-util-1.3.12]# ./configure --prefix=/usr/local/apr-util -with-apr=/usr/local/apr/bin/apr-1-config
- [root@localhost apr-util-1.3.12]# make && make install
- [root@localhost pcre-8.10]# ./configure --prefix=/usr/local/pcre
- [root@localhost pcre-8.10]# make && make install
下载apache并修改源码:
- <p>[root@localhost software]# wgethttp://mirrors.hust.edu.cn/apache//httpd/httpd-2.4.10.tar.gz</p><p>[root@localhost software]# tar -xvf httpd-2.4.10.tar.gz </p><span style="color: windowtext;">[root@localhost software]# cd httpd-2.4.10</span>
修改代码include/http_config.h,在文件头添加上重新编译:
- #ifndefBIG_SECURITY_HOLE
- #defineBIG_SECURITY_HOLE
- #endif
- [root@localhost httpd-2.4.10]# ./configure --prefix=/usr/local/httpd --enable-ssl --enable-cgi --enable-mods-shared=allable-ssl --enable-cgi --enable-mods-shared=all --enable-track-vars --enable-rewrite <strong>--with-apr-util=/usr/local/apr-util/ --with-apr=/usr/local/apr --with-pcre=/usr/local/pcre</strong>
- [root@localhost httpd-2.4.10]# make && make install
3、修改配置文件重启服务
此时如果启动服务,那对应的User是配置文件中默认的User:deamon或者apache。那么现在修改配置文件:
将User和Group改为root.
- [root@localhost httpd-2.4.10]# vim /usr/local/httpd/conf/httpd.conf
重启服务:
- [root@localhost httpd-2.4.10]# /usr/local/httpd/bin/apachectl start
- AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
- 则:修改配置文件中的ServerName
修改配置文件中的ServerName为:ServerName localhost:80。重启服务:如果执行 service httpd restart 出现httpd: unrecognized service错误,则将/usr/local/httpd/bin/apachectl 拷贝到/etc/init.d/httpd即可。
- [root@localhost httpd-2.4.10]# /usr/local/httpd/bin/apachectl start
- [root@localhost httpd-2.4.10]# ps -ef |grep httpd
- root 9919 1 0 16:02 ? 00:00:00 /usr/local/httpd/bin/httpd -k start
- root 9920 9919 0 16:02 ? 00:00:00 /usr/local/httpd/bin/httpd -k start
- root 9921 9919 0 16:02 ? 00:00:00 /usr/local/httpd/bin/httpd -k start
- root 9922 9919 0 16:02 ? 00:00:00 /usr/local/httpd/bin/httpd -k start
- root 10005 12944 0 16:03 pts/2 00:00:00 grep httpd
- [root@localhost httpd-2.4.10]#
至此,修改权限成功。鼓掌^^
补充(安装pcre可能遇到的出错状况):
./libtool: line 990: g++: command not found
make[1]: *** [pcrecpp.lo] Error 1
make[1]: Leaving directory `/root/software/pcre-8.10'
make: *** [all] Error 2
解决办法:yum install gcc+ gcc-c++- make && make install的时候出错:
libtool: link: unsupported hardcode properties
libtool: link: See the libtool documentation for moreinformation.
libtool: link: Fatal configuration error.
解决方案:在yum install gcc+ gcc-c++后要重新编译./configure下,再make即可。
其他link:
- httpd unrecognised:http://blog.sina.com.cn/s/blog_701300bc0100nzuu.html
- root身份运行apache: http://www.linuxidc.com/Linux/2013-02/78967.htm
- 编译安装apache遇到的问题:http://xtony.blog.51cto.com/3964396/836508