Cannot start lighttpd with another user
Added by rahulsapnar about 5 years ago
I don't want lighttpd to continue running as root user.
I tried the same using following lighttpd directives but still lighttpd is getting started with 'root' user.
server.username = "abc"
server.groupname = "abc"
After starting lighttpd with root user, I want lighttpd to continue running as 'abc' user.
Lighttpd version is 1.4.53
Thanks in advance.
Replies (5)
RE: Cannot start lighttpd with another user - Added by gstrauss about 5 years ago
This does not belong in the "Development" forum. Moved to "Support".
You probably haven't properly restarted lighttpd, as server.username
and server.groupname
are how to tell lighttpd to use a different user and group, if lighttpd is started as root. Another possibility is that you're not using the lighttpd.conf you think that you are using.
RE: Cannot start lighttpd with another user - Added by rahulsapnar about 5 years ago
Please check following lighttpd.conf file that I am using:-
server.modules = ( "mod_alias", "mod_access", "mod_fastcgi", "mod_setenv") server.document-root = "/var/www" server.event-handler = "poll" mimetype.assign = ( ".css" => "text/css", ".wav" => "audio/x-wav", ".gif" => "image/gif", ".jpg" => "image/jpeg", ".jpeg" => "image/jpeg", ".png" => "image/png", ".html" => "text/html", ".htm" => "text/html", ".js" => "text/javascript", ".conf" => "text/plain", ".text" => "text/plain", ".txt" => "text/plain", ".dtd" => "text/xml", ".xml" => "text/xml", ".tar" => "application/x-tar", ".zip" => "application/zip") index-file.names = ( "index.html", "index.htm" ) alias.url += ( "" => server.document-root ) server.upload-dirs = ( "/run" ) server.stream-request-body = 2 server.username = "abc" server.groupname = "abc" server.bind = "0.0.0.0" server.port = 80 $SERVER["socket"] == "[::]:80" { }
I changed .conf file as above and performed following steps:-
Step 1:- Kill current lighttpd process
xxx.xxx.xxx.xxx # ps -aux | grep light root 1033 0.0 2.1 7248 2484 ? S 10:50 0:00 lighttpd -f /run/lighttpd.conf root 1261 0.0 0.9 2588 1088 pts/0 S+ 11:03 0:00 grep light xxx.xxx.xxx.xxx # kill -9 1033
Step 2 :- Start the lighttpd using lighttpd.conf
xxx.xxx.xxx.xxx # lighttpd -f /run/lighttpd.conf
Step 3:- Check user of started lighttpd
xxx.xxx.xxx.xxx # ps -aux | grep light root 1273 0.0 0.8 5556 1024 ? S 11:04 0:00 lighttpd -f /run/lighttpd.conf root 1275 0.0 0.9 2588 1088 pts/0 S+ 11:04 0:00 grep light xxx.xxx.xxx.xxx #
In step 3, lighttpd is started successfully and it is expected to run as 'abc' user but it is still running on 'root'.
Are the above configurations correct?
Thanks
RE: Cannot start lighttpd with another user - Added by gstrauss about 5 years ago
As I said before, the directives are correct. You (and your system) must be doing something else.
server.username = "abc" server.groupname = "abc"
Is your system restarting lighttpd via init scripts? systemctl stop lighttpd
or /etc/init.d/lighttpd stop
After killing lighttpd processes, manually run lighttpd in the foreground using -D
lighttpd -D -f /run/lighttpd.conf
RE: Cannot start lighttpd with another user - Added by rahulsapnar about 5 years ago
No, i am not using any init scripts to restart lighttpd. To restart, killing lighttpd process manually and starting lighttpd again.
Output of lighttpd -D command:-
xxx.xxx.xxx.xxx # ps -aux | grep light root 1366 0.1 1.6 5556 1932 pts/0 S+ 06:01 0:00 lighttpd -D -f /run/lighttpd.conf root 1387 0.0 0.9 2588 1084 pts/1 S+ 06:01 0:00 grep light
What error does lighttpd show when the user in server.username directive is not permitted?
What permissions are required for user 'abc' when used with server.username & server.groupname directives?
In above lighttpd.conf file, fast_cgi process is also spawned. Will that affect the execution of above directives?
Thanks.
RE: Cannot start lighttpd with another user - Added by gstrauss about 5 years ago
You clearly have not described your environment well.
Are you sure about the contents of /run/lighttpd.conf? Perhaps you're not generating what you think you're generating into /run/lighttpd.conf.
The simplest lighttpd config to demonstrate that this functionality works is three lines:
server.document-root = "/var/www" server.username = "abc" server.groupname = "abc"
That's it. That's the whole lighttpd config, in its entirety. If that config doesn't work for you with
lighttpd -D -f /path/to/test.conf
then use strace -o /dev/shm/lighttpd-strace.log -s 2048 -- lighttpd -D -f /path/to/test.conf
and attach the log.