Installation guide
Chapter 13. Apache Configuration
Figure 13-13. Server Configuration
The Lock File value corresponds to the LockFile directive. This directive sets the path to the
lockfile used when Apache is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
USE_FLOCK_SERIALIZED_ACCEPT. The lockfile must be stored on the local disk. Leave it
at the default value unless the logs directory is located on an NFS share. In that case,
change the default value to a location on the local disk, in a directory that is
readable only by root.
The PID File value corresponds to the PidFile directive. This directive sets the file in which
the server records its process ID (pid). This file should be readable only by root. In most
cases, it should be left at the default value.
The Core Dump Directory value corresponds to the CoreDumpDirectory directive. Apache
tries to switch to this directory before dumping core. The default value is the ServerRoot.
However, if the user that the server runs as cannot write to this directory, the core dump
cannot be written. If you want core dumps written to disk for debugging purposes, change
this value to a directory writable by the user the server runs as.
The User value corresponds to the User directive. It sets the userid used by the server to
answer requests. This user's settings determine the server's access. Any files inaccessible to
this user will also be inaccessible to your website's visitors. The default for User is apache.
Give this user only the privileges it needs to access files that are meant to be
visible to the outside world. The user is also the owner of any CGI processes spawned by
the server. The user should not be allowed to execute any code that is not intended to run
in response to HTTP requests.
Warning
Unless you know exactly what you are doing, do not set the User directive to root. Using root as the
User will create large security holes for your Web server.
The parent httpd process first runs as root during normal operations, but is then
immediately handed off to the apache user. The server must start as root because it needs to bind to
a port below 1024. Ports below 1024 are reserved for system use, so they cannot be used by
anyone but root. Once the server has attached itself to its port, however, it hands the process
off to the apache user before it accepts any connection requests.
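The advice above on User, PidFile and LockFile can be checked mechanically. The following is an added example, not part of the original guide: the function names, the sample configuration and the /etc/httpd default for ServerRoot are assumptions made for illustration.

```python
import os
import re
import stat

def parse_directives(conf_text):
    """Map lower-cased directive name -> last value; comment lines are skipped."""
    found = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*([A-Za-z]\w*)\s+(.+?)\s*$", line)
        if m:
            found[m.group(1).lower()] = m.group(2).strip('"')
    return found

def too_open(path, owner_uid):
    """True if path is not owned by owner_uid or grants any group/other access."""
    st = os.stat(path)
    return st.st_uid != owner_uid or bool(stat.S_IMODE(st.st_mode) & 0o077)

def audit(conf_text, server_root="/etc/httpd", owner_uid=0):
    """Return findings for the User, PidFile and LockFile advice in the text."""
    d = parse_directives(conf_text)
    findings = []
    if d.get("user", "").lower() in ("root", "#0"):
        findings.append("User: server answers requests as root")
    pid = d.get("pidfile")
    if pid:
        pid_path = os.path.join(server_root, pid)  # relative paths hang off ServerRoot
        if os.path.exists(pid_path) and too_open(pid_path, owner_uid):
            findings.append("PidFile: %s is accessible to non-root users" % pid_path)
    lock = d.get("lockfile")
    if lock:
        lock_dir = os.path.dirname(os.path.join(server_root, lock))
        if os.path.isdir(lock_dir) and too_open(lock_dir, owner_uid):
            findings.append("LockFile: directory %s is not root-only" % lock_dir)
    return findings

# Constructed sample configuration (not from the guide).
SAMPLE_CONF = """\
# User apache
User root
PidFile run/httpd.pid
LockFile locks/httpd.lock
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

The owner_uid parameter exists so the check can be exercised in a scratch directory; on a real server leave it at 0 (root).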