Project

General

Profile

Cannot start lighttpd with another user

Added by rahulsapnar about 5 years ago

I don't want lighttpd to continue running as root user.

I tried the same using following lighttpd directives but still lighttpd is getting started with 'root' user.

server.username = "abc"
server.groupname = "abc"

After starting lighttpd with root user, I want lighttpd to continue running as 'abc' user.

Lighttpd version is 1.4.53

Thanks in advance.


Replies (5)

RE: Cannot start lighttpd with another user - Added by gstrauss about 5 years ago

This does not belong in the "Development" forum. Moved to "Support".

You probably haven't properly restarted lighttpd, as server.username and server.groupname are how to tell lighttpd to use a different user and group, if lighttpd is started as root. Another possibility is that you're not using the lighttpd.conf you think that you are using.

RE: Cannot start lighttpd with another user - Added by rahulsapnar about 5 years ago

Please check following lighttpd.conf file that I am using:-

server.modules = (
        "mod_alias",
        "mod_access",
        "mod_fastcgi",
        "mod_setenv")
server.document-root = "/var/www" 
    server.event-handler = "poll" 
    mimetype.assign = (
    ".css"          =>      "text/css",
    ".wav"          =>      "audio/x-wav",
    ".gif"          =>      "image/gif",
    ".jpg"          =>      "image/jpeg",
    ".jpeg"         =>      "image/jpeg",
    ".png"          =>      "image/png",
    ".html"         =>      "text/html",
    ".htm"          =>      "text/html",
    ".js"           =>      "text/javascript",
    ".conf"         =>      "text/plain",
    ".text"         =>      "text/plain",
    ".txt"          =>      "text/plain",
    ".dtd"          =>      "text/xml",
    ".xml"          =>      "text/xml",
    ".tar"          =>      "application/x-tar",
    ".zip"          =>      "application/zip")
    index-file.names = ( "index.html", "index.htm" )
    alias.url += ( "" => server.document-root )

server.upload-dirs = ( "/run" )
server.stream-request-body = 2
server.username = "abc" 
server.groupname = "abc" 
server.bind = "0.0.0.0" 
server.port = 80
$SERVER["socket"] == "[::]:80" { }

I changed .conf file as above and performed following steps:-
Step 1:- Kill current lighttpd process

xxx.xxx.xxx.xxx # ps -aux | grep light
root      1033  0.0  2.1   7248  2484 ?        S    10:50   0:00 lighttpd -f /run/lighttpd.conf
root      1261  0.0  0.9   2588  1088 pts/0    S+   11:03   0:00 grep light
xxx.xxx.xxx.xxx # kill -9 1033

Step 2 :- Start the lighttpd using lighttpd.conf

xxx.xxx.xxx.xxx # lighttpd -f /run/lighttpd.conf

Step 3:- Check user of started lighttpd

xxx.xxx.xxx.xxx # ps -aux | grep light
root      1273  0.0  0.8   5556  1024 ?        S    11:04   0:00 lighttpd -f /run/lighttpd.conf
root      1275  0.0  0.9   2588  1088 pts/0    S+   11:04   0:00 grep light
xxx.xxx.xxx.xxx #

In step 3, lighttpd is started successfully and it is expected to run as 'abc' user but it is still running on 'root'.

Are the above configurations correct?

Thanks

RE: Cannot start lighttpd with another user - Added by gstrauss about 5 years ago

As I said before, the directives are correct. You (and your system) must be doing something else.

server.username = "abc" 
server.groupname = "abc" 

Is your system restarting lighttpd via init scripts? systemctl stop lighttpd or /etc/init.d/lighttpd stop

After killing lighttpd processes, manually run lighttpd in the foreground using -D

lighttpd -D -f /run/lighttpd.conf

RE: Cannot start lighttpd with another user - Added by rahulsapnar about 5 years ago

No, i am not using any init scripts to restart lighttpd. To restart, killing lighttpd process manually and starting lighttpd again.

Output of lighttpd -D command:-
xxx.xxx.xxx.xxx # ps -aux | grep light
root      1366  0.1  1.6   5556  1932 pts/0    S+   06:01   0:00 lighttpd -D -f /run/lighttpd.conf
root      1387  0.0  0.9   2588  1084 pts/1    S+   06:01   0:00 grep light

What error does lighttpd show when the user in server.username directive is not permitted?

What permissions are required for user 'abc' when used with server.username & server.groupname directives?

In above lighttpd.conf file, fast_cgi process is also spawned. Will that affect the execution of above directives?

Thanks.

RE: Cannot start lighttpd with another user - Added by gstrauss about 5 years ago

You clearly have not described your environment well.

Are you sure about the contents of /run/lighttpd.conf? Perhaps you're not generating what you think you're generating into /run/lighttpd.conf.

The simplest lighttpd config to demonstrate that this functionality works is three lines:

server.document-root = "/var/www" 
server.username = "abc" 
server.groupname = "abc" 

That's it. That's the whole lighttpd config, in its entirety. If that config doesn't work for you with lighttpd -D -f /path/to/test.conf then use strace -o /dev/shm/lighttpd-strace.log -s 2048 -- lighttpd -D -f /path/to/test.conf and attach the log.

    (1-5/5)