我想在Linux启动时启动Apache Httpd(像提交密码这样的零干预root
,我不想写root密码来启动apache服务!!!)
后来安装了Apache:
# ./configure --prefix=/usr/local/httpd ... --with-included-apr --with-included-apr-util -with-pcre=/usr/local/pcre --with-z=/usr/local/zlib
# make
# make install
httpd
我做了这个(我创建了一个以组命名的用户root
):
# useradd -g root -r -c "Httpd User" -s /sbin/nologin httpd
# chown -hvR httpd:root /usr/local/httpd/
我更改了权限:
# chown -hvR httpd:root /usr/local/httpd/bin/
# ls -ARl --group-directories-first /usr/local/httpd/bin/
/usr/local/httpd/bin/:
total 2004
-rwSr-Sr-x. 1 httpd root 117511 Jul 12 01:29 ab
-rwSr-Sr-x. 1 httpd root 3461 Jul 12 01:07 apachectl
-rwSr-Sr-x. 1 httpd root 7037 Jul 12 01:26 apr-1-config
-rwSr-Sr-x. 1 httpd root 6596 Jul 12 01:27 apu-1-config
-rwSr-Sr-x. 1 httpd root 23523 Jul 12 01:07 apxs
-rwSr-Sr-x. 1 httpd root 9533 Jul 12 01:29 checkgid
-rwSr-Sr-x. 1 httpd root 8925 Jul 12 01:07 dbmmanage
-rwSr-Sr-x. 1 httpd root 1089 Jul 12 01:07 envvars
-rwSr-Sr-x. 1 httpd root 1089 Jul 12 01:07 envvars-std
-rwSr-Sr-x. 1 httpd root 16476 Jul 12 01:29 fcgistarter
-rwSr-Sr-x. 1 httpd root 60832 Jul 12 01:29 htcacheclean
-rwSr-Sr-x. 1 httpd root 33254 Jul 12 01:29 htdbm
-rwSr-Sr-x. 1 httpd root 18193 Jul 12 01:29 htdigest
-rwSr-Sr-x. 1 httpd root 33958 Jul 12 01:29 htpasswd
-rwSr-Sr-x. 1 httpd root 1606472 Jul 12 01:29 httpd
-rwSr-Sr-x. 1 httpd root 16168 Jul 12 01:29 httxt2dbm
-rwSr-Sr-x. 1 httpd root 17904 Jul 12 01:29 logresolve
-rwSr-Sr-x. 1 httpd root 29642 Jul 12 01:29 rotatelogs
# /usr/local/httpd/bin/apachectl start
(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
# chmod -R u=rwx,g=rx,o=rx /usr/local/httpd/bin/
# ls -ARl --group-directories-first /usr/local/httpd/bin/
/usr/local/httpd/bin/:
total 2004
-rwxr-xr-x. 1 httpd root 117511 Jul 12 01:29 ab
-rwxr-xr-x. 1 httpd root 3461 Jul 12 01:07 apachectl
-rwxr-xr-x. 1 httpd root 7037 Jul 12 01:26 apr-1-config
-rwxr-xr-x. 1 httpd root 6596 Jul 12 01:27 apu-1-config
-rwxr-xr-x. 1 httpd root 23523 Jul 12 01:07 apxs
-rwxr-xr-x. 1 httpd root 9533 Jul 12 01:29 checkgid
-rwxr-xr-x. 1 httpd root 8925 Jul 12 01:07 dbmmanage
-rwxr-xr-x. 1 httpd root 1089 Jul 12 01:07 envvars
-rwxr-xr-x. 1 httpd root 1089 Jul 12 01:07 envvars-std
-rwxr-xr-x. 1 httpd root 16476 Jul 12 01:29 fcgistarter
-rwxr-xr-x. 1 httpd root 60832 Jul 12 01:29 htcacheclean
-rwxr-xr-x. 1 httpd root 33254 Jul 12 01:29 htdbm
-rwxr-xr-x. 1 httpd root 18193 Jul 12 01:29 htdigest
-rwxr-xr-x. 1 httpd root 33958 Jul 12 01:29 htpasswd
-rwxr-xr-x. 1 httpd root 1606472 Jul 12 01:29 httpd
-rwxr-xr-x. 1 httpd root 16168 Jul 12 01:29 httxt2dbm
-rwxr-xr-x. 1 httpd root 17904 Jul 12 01:29 logresolve
-rwxr-xr-x. 1 httpd root 29642 Jul 12 01:29 rotatelogs
#
其他
# /bin/su -p -s /bin/sh httpd /usr/local/httpd/bin/apachectl start
(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
我出于这个原因创建了一项服务:(简短)如下:
SERVICE_HOME=/usr/local/httpd
SERVICE_USER=httpd
SERVICE_NAME=Httpd
SHUTDOWN_WAIT=20
service_pid() {
echo `ps aux | grep "$SERVICE_USER" | grep "$SERVICE_HOME" | grep -v grep | head -1 | awk '{ print $2 }' `
}
start() {
pid=$(service_pid)
if [ -n "$pid" ]
then
echo "$SERVICE_NAME is already running (pid: $pid)"
else
# Start httpd
echo "Starting $SERVICE_NAME"
/bin/su -p -s /bin/sh $SERVICE_USER $SERVICE_HOME/bin/apachectl start
#/bin/su -p -s /bin/sh httpd authbind /usr/local/httpd/bin/apachectl start
fi
return 0
}
但这是不可能的:
我试图与授权绑定
http://ftp.debian.org/debian/pool/main/a/authbind/authbind_1.2.0.tar.gz
# tar zxvf /.../authbind_1.2.0.tar.gz -C /usr/local/
# cd /usr/local/authbind-1.2.0
# make
# make install
# ls -ARl /etc/authbind/
/etc/authbind/:
total 12
drwxr-xr-x. 2 root root 4096 Jul 12 13:34 byaddr
drwxr-xr-x. 2 root root 4096 Jul 12 13:34 byport
drwxr-xr-x. 2 root root 4096 Jul 12 13:34 byuid
/etc/authbind/byaddr:
total 0
/etc/authbind/byport:
total 0
/etc/authbind/byuid:
total 0
#
# touch /etc/authbind/byport/80
# chown httpd:root /etc/authbind/byport/80
# chmod 755 /etc/authbind/byport/80
尝试从提示符中进行测试(我需要 apache 以httpd
用户身份启动!!!)
# /bin/su -p -s /bin/sh httpd authbind /usr/local/httpd/bin/apachectl start
/usr/local/bin/authbind: /usr/local/bin/authbind: cannot execute binary file
# /bin/su -p -s /bin/sh httpd exec authbind /usr/local/httpd/bin/apachectl start
sh: exec: No such file or directory
# /bin/su -p -s /bin/sh httpd exec authbind --deep /usr/local/http/bin/apachectl start
/bin/su: unrecognized option '--deep'
Try `/bin/su --help' for more information.
#
问题一:
工作authbind
于RHEL/中央操作系统/软呢帽环境?
问题2:
我的命令必须是什么?是否需要 exec 或 --deep 与 authbind 一起使用?
与用户测试 authbindroot
没有问题!
# authbind /usr/local/httpd/bin/apachectl start
# authbind /usr/local/httpd/bin/apachectl stop
#
问题3:
需要/bin/su,-p,-s和/bin/sh与httpd
用户?
答案1
你必须使用新版本授权绑定支持IPV6:
http://ftp.debian.org/debian/pool/main/a/authbind/
或者
http://www.filewatcher.com/m/authbind_2.1.1.tar.gz.14407-0.html
ftp://ftp.debian.com/debian/pool/main/a/authbind/authbind_2.1.1.tar.gz
tar zxvf /home/.../authbind_2.1.1.tar.gz -C /your/path/
cd /your/path/authbind-2.1.1
make
make install
关于用户和组,用户不一定属于根团体...
useradd -r -c "Httpd User" -s /sbin/nologin httpd
chown -hR httpd: /usr/local/httpd/
现在,作者
touch /etc/authbind/byport/80
chown httpd: /etc/authbind/byport/80
chmod 755 /etc/authbind/byport/80
答案1
我看过几个针对 CentOS、RHEL 和 Fedora 的 Authbind 教程,出于某种原因...有效,那么答案是肯定的...
答案2
开始服务器在您的脚本中尝试以下操作:
/bin/su -p -s /bin/sh httpd -c "/usr/local/bin/authbind /usr/local/httpd/bin/apachectl start"
或者
/bin/su -p -s /bin/sh $SERVICE_USER -c "/usr/local/bin/authbind $SERVICE_HOME/bin/apachectl start"
停止服务器在您的脚本中尝试以下操作:
/bin/su -p -s /bin/sh httpd -c "/usr/local/bin/authbind /usr/local/httpd/bin/apachectl stop"
或者
/bin/su -p -s /bin/sh $SERVICE_USER -c "/usr/local/bin/authbind $SERVICE_HOME/bin/apachectl stop"
答案3