Run apache as apache.apache not nobody

st0rm

• July 12, 2014 17:42

Hello all, I know this is the default configuration for cPanel, running apache as nobody that is . And i also know that php is running under handler(in my case fscgi) and using suexec . i just want to run apache under apache.apache for firewalling reasons . could this be done ? and if so would it sustain updating ? do i have to reconfigure apache to run under apache.apache each time i update cPanel ? Thank you all for your time

• 

  vanessa

  • July 13, 2014 18:06

  The user/group is defined in /var/cpanel/conf/apache/main, but this file is overwritten when EA is run. So, you'd probably want to use a local template to override this: cp /var/cpanel/templates/apache2/main.default /var/cpanel/templates/apache2/main.local
  Edit these lines and hardcode the user in so they are not pulled from the main template: User [% main.user.item.user %] Group [% main.group.item.group %]
  Then: /scripts/rebuildhttpdconf service httpd restart
  Not sure what other issues this may cause though.

  0
• 

  st0rm

  • July 13, 2014 23:15

  Thank you A LOT .... Do you have something in mind what this might cause problems to apache or other services running ?

  0
• 

  vanessa

  • July 13, 2014 23:23

  cPanel expects the Apache user to be 'nobody'. It won't cause a problem with Apache, but there are some scripts cPanel uses that assume 'nobody' is the user. If you're running PHP in CGI mode, it's probably not as big of a deal. Why do you even need to do this? Are you not able to change your firewall rules to use 'nobody'?

  0
• 

  st0rm

  • July 14, 2014 15:15

  the problem is, i want to firewall the outbound of the server's connections by making firewall match the owner of the connection .. not to accept outbound connection unless it was from apache/exim/named/ftp/root .. that's how i want to configure it so if i ran apache as nobody how can i control this ? although yes i do run php in CGI mode, FSCGI to be exact any advice would be more than welcome :) Thank you for your time

  0
• 

  quizknows

  • July 14, 2014 17:36

  "nobody" is still a username just like apache. You could still configure the firewall rules for that UID/GID.

  0
• 

  st0rm

  • July 14, 2014 19:03

  Sure, but any one with username nobody will apply to the same firewall rules as apache .. hence the problem, he/she will have an outbound OK .. which is what i do not want ..

  0
• 

  quizknows

  • July 14, 2014 19:48

  As far as I know the only things that use "nobody" on a cPanel server are Apache and sometimes the FTP server. Changing the username of the Apache processes from nobody to apache will change virtually nothing.

  0
• 

  cPanelMichael

  • July 15, 2014 13:49

  [quote="st0rm, post: 1684331">i just want to run apache under apache.apache for firewalling reasons .
  Are you positive the firewall rules are not configurable any other way besides changing the username used by Apache? It seems like it would be easier to just modify the firewall rules. Thank you.

  0
• 

  st0rm

  • July 15, 2014 15:42

  So basically i can still run apache as nobody and configure firewall according to nobody .. Thank you all for your time

  0

Please sign in to leave a comment.