inTheDMZ Posted December 14, 2012 Share Posted December 14, 2012 Anyone got any advice, googled the hell out of it and can't find anything. Need to compile Apache as a root user on the raspberry Pi, for a internal web-server, so security isn't a issue. Any help appreciated! Quote Link to comment Share on other sites More sharing options...
Jason Cooper Posted December 15, 2012 Share Posted December 15, 2012 Assuming you are using raspbian, can't you just "apt-get install apache2" to install it? Once it has been installed you can then configure as you wish. Quote Link to comment Share on other sites More sharing options...
Sitwon Posted December 18, 2012 Share Posted December 18, 2012 You should never need root permissions to compile any application. If you're compiling as the root user you're doing it wrong. Quote Link to comment Share on other sites More sharing options...
digip Posted December 18, 2012 Share Posted December 18, 2012 You should never need root permissions to compile any application. If you're compiling as the root user you're doing it wrong. Compiling as root or installing and running as root? Can't you compile as root but install an app as a low level user or its own user group? VLC for example, doesn't want to install as root and usually gives a warning, but I hear what you are saying. @the op, if Apache is running as root, and all files on the web server are running as root, instead of say, www-data or apache-www, then any attack that compromises the web server, has root permissions. Just something to think about before you deploy and setup Apache. Quote Link to comment Share on other sites More sharing options...
inTheDMZ Posted December 19, 2012 Author Share Posted December 19, 2012 Got this all sorted now, configured and compiled using the DBIG security hole option, this is a internal webserver for a university project so security isn't a issue, only access will be plugging it in physically. Needs root permissions to do iptable manipulation and access rc.local/ root cronjobs etc etc Quote Link to comment Share on other sites More sharing options...
Jason Cooper Posted December 19, 2012 Share Posted December 19, 2012 "An internal webserver for a university project so security isn't a issue" sounds like tempting fate to me. :) Personally I would have created a few setuid executables that would make the required changes and then have your CGI scripts call these to do the work that requires root permissions. You could then have your CGI scripts validating your inputs from the web and processing them in to the inputs for your executables. Your executables can then validate the inputs passed to them before processing them. That way someone would have to break through your CGI scripts and then through your setuid executables. Quote Link to comment Share on other sites More sharing options...
Sitwon Posted December 20, 2012 Share Posted December 20, 2012 Compiling as root or installing and running as root? Can't you compile as root but install an app as a low level user or its own user group? VLC for example, doesn't want to install as root and usually gives a warning, but I hear what you are saying. @the op, if Apache is running as root, and all files on the web server are running as root, instead of say, www-data or apache-www, then any attack that compromises the web server, has root permissions. Just something to think about before you deploy and setup Apache. You should never need root permissions to COMPILE an application. You typically need root permission to install it globally on the system (eg, to write files to /bin or /usr/bin), and you might need root permissions to run the application (typically servers on ports <1024 will be started as root and then drop privileges to 'nobody' or 'www-data' or similar). However COMPILING should never require root permission. When you're compiling the application you're just translating from the source form to the binary form, there is nothing happening in that translation that would justify needing root permissions. Quote Link to comment Share on other sites More sharing options...
digip Posted December 20, 2012 Share Posted December 20, 2012 (edited) You should never need root permissions to COMPILE an application. You typically need root permission to install it globally on the system (eg, to write files to /bin or /usr/bin), and you might need root permissions to run the application (typically servers on ports <1024 will be started as root and then drop privileges to 'nobody' or 'www-data' or similar). However COMPILING should never require root permission. When you're compiling the application you're just translating from the source form to the binary form, there is nothing happening in that translation that would justify needing root permissions. I like that answer of why, more than just telling him hes doing it wrong. :) Edited December 20, 2012 by digip Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.