[CentOS] an actual hacked machine, in a preserved state
Lamar Owen
lowen at pari.edu
Fri Jan 6 20:59:19 UTC 2012
On Jan 5, 2012, at 11:13 PM, email builder wrote:
> I don't mean to thread-hijack, but I'm curious, if apache runs as its
> own non-root user and /etc/shadow is root-owned and 0400, then
> how could any exploit of software not running as root ever have
> access to that file??
To listen on the default port 80, httpd requires running as root.
According to the Apache httpd site, the main httpd process continues
running as root, with the child processes dropping privileges to the
other user. See:
http://httpd.apache.org/docs/2.1/invoking.html
More information about the CentOS
mailing list