修改apache的httpd服务为root权限

浏览数：60 / 时间：2015年06月09日

一、修改配置文件

修改配置文件及重启服务

[root@localhost ~]# cd /etc/httpd/conf
[root@localhost conf]# vim httpd.conf修改配置文件

将User 和group改为root:

[root@localhost conf]# service httpd restart
Stopping httpd:                                           [  OK  ]
Starting httpd: Syntax error on line 244 of/etc/httpd/conf/httpd.conf:
Error:\tApache has not been designed to serve pageswhile\n\trunning as root.  There areknown race conditions that\n\twill allow any local user to read any file on thesystem.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLEto the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is stronglysuggested that you instead modify the User\n\tdirective in your httpd.conf fileto list a non-root\n\tuser.\n
                                                          <span style="color:#ff6666;">[FAILED]</span>
[root@localhost conf]#
重启服务出错。
Error:\tApache has not been designed to serve pageswhile\n\trunning as root. There areknown race conditions that\n\twill allow any local user to read any file on thesystem.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLEto the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is stronglysuggested that you instead modify the User\n\tdirective in your httpd.conf fileto list a non-root\n\tuser.\n

从报错信息来看意思就是：如果要用root用户来跑apache服务，需要添加“-DBIG_SECURITY_HOLE”到CFLAGS环境变量中，然后在重新编译源代码。

二、下载源码，修改，重新编译

1. 清理环境

[root@localhost software]# rpm -qa |grep apr
apr-1.3.9-5.el6_2.x86_64
apr-util-1.3.9-3.el6_0.1.x86_64
apr-util-ldap-1.3.9-3.el6_0.1.x86_64
[root@localhost software]# rpm -e apr
error: Failed dependencies:
	libapr-1.so.0()(64bit) is needed by (installed) apr-util-1.3.9-3.el6_0.1.x86_64
	libapr-1.so.0()(64bit) is needed by (installed) httpd-tools-2.2.15-39.el6.centos.x86_64
	libapr-1.so.0()(64bit) is needed by (installed) httpd-2.2.15-39.el6.centos.x86_64
[root@localhost software]# rpm -e --nodeps apr【--nodeps表示不要做依赖检查】
[root@localhost software]# rpm -e --nodeps apr-util
[root@localhost software]# rpm -qa |grep apr
apr-util-ldap-1.3.9-3.el6_0.1.x86_64
[root@localhost software]#

2. 下载源码编译安装

[root@localhost software]# wget http://archive.apache.org/dist/apr/apr-1.4.5.tar.gz 
[root@localhost software]# wget http://archive.apache.org/dist/apr/apr-util-1.3.12.tar.gz  
[root@localhost software]# wget http://jaist.dl.sourceforge.net/project/pcre/pcre/8.10/pcre-8.10.zip
[root@localhost software]# ls
apr-1.4.5.tar.gz  apr-util-1.3.12.tar.gz  pcre-8.10.zip
[root@localhost apr-1.4.5]# ./configure --prefix=/usr/local/apr
[root@localhost apr-1.4.5]# make && make install

[root@localhost apr-util-1.3.12]# ./configure --prefix=/usr/local/apr-util -with-apr=/usr/local/apr/bin/apr-1-config
[root@localhost apr-util-1.3.12]# make && make install

[root@localhost pcre-8.10]# ./configure --prefix=/usr/local/pcre
[root@localhost pcre-8.10]# make && make install

下载apache并修改源码：

<p>[root@localhost software]# wgethttp://mirrors.hust.edu.cn/apache//httpd/httpd-2.4.10.tar.gz</p><p>[root@localhost software]# tar -xvf httpd-2.4.10.tar.gz </p><span style="color: windowtext;">[root@localhost software]# cd httpd-2.4.10</span>

修改代码include/http_config.h，在文件头添加上

#ifndefBIG_SECURITY_HOLE
#defineBIG_SECURITY_HOLE
#endif

重新编译：

[root@localhost httpd-2.4.10]# ./configure --prefix=/usr/local/httpd --enable-ssl --enable-cgi --enable-mods-shared=allable-ssl --enable-cgi --enable-mods-shared=all  --enable-track-vars --enable-rewrite <strong>--with-apr-util=/usr/local/apr-util/ --with-apr=/usr/local/apr --with-pcre=/usr/local/pcre</strong>
[root@localhost httpd-2.4.10]# make && make install

3、修改配置文件重启服务

此时如果启动服务，那对应的User是配置文件中默认的User:deamon或者apache。那么现在修改配置文件：

[root@localhost httpd-2.4.10]# vim /usr/local/httpd/conf/httpd.conf

将User和Group改为root.

重启服务：

[root@localhost httpd-2.4.10]# /usr/local/httpd/bin/apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
则：修改配置文件中的ServerName

修改配置文件中的ServerName为：ServerName localhost:80。重启服务：

[root@localhost httpd-2.4.10]# /usr/local/httpd/bin/apachectl start
[root@localhost httpd-2.4.10]# ps -ef |grep httpd
root      9919     1  0 16:02 ?        00:00:00 /usr/local/httpd/bin/httpd -k start
root      9920  9919  0 16:02 ?        00:00:00 /usr/local/httpd/bin/httpd -k start
root      9921  9919  0 16:02 ?        00:00:00 /usr/local/httpd/bin/httpd -k start
root      9922  9919  0 16:02 ?        00:00:00 /usr/local/httpd/bin/httpd -k start
root     10005 12944  0 16:03 pts/2    00:00:00 grep httpd
[root@localhost httpd-2.4.10]#

如果执行 service httpd restart 出现httpd: unrecognized service错误，则将/usr/local/httpd/bin/apachectl 拷贝到/etc/init.d/httpd即可。

至此，修改权限成功。鼓掌

补充（安装pcre可能遇到的出错状况）：

./libtool: line 990: g++: command not found

make[1]: *** [pcrecpp.lo] Error 1

make[1]: Leaving directory `/root/software/pcre-8.10‘

make: *** [all] Error 2
解决办法：yum install gcc+ gcc-c++
make && make install的时候出错：
libtool: link: unsupported hardcode properties

libtool: link: See the libtool documentation for moreinformation.

libtool: link: Fatal configuration error.

解决方案：在yum install gcc+ gcc-c++后要重新编译./configure下，再make即可。

其他link:

httpd unrecognised:http://blog.sina.com.cn/s/blog_701300bc0100nzuu.html

root身份运行apache: http://www.linuxidc.com/Linux/2013-02/78967.htm
编译安装apache遇到的问题：http://xtony.blog.51cto.com/3964396/836508