Apache Server Setup with system user

Apache Server Setup with system user

In this article we are going to learn how to configure and install Apache from source code.

We divide the setup in below steps.

1. Installing missing dependencies

1.1 Install gcc compiler

$ sudo apt-get update

$ sudo apt-get upgrade

$ sudo apt-get install build-essential

Above command will install list of packages which are considered essential for building Ubuntu packages including gcc compiler, make and other required tools.

Verify installation

Type the following command:

$ whereis gcc make
$ gcc –version
$ make -v

1.2 Install PCRE

Download PCRE from PCRE.org

Compile and install it:

cd pcre-8.30/

./configure
make
make install

1.3 Install APR & APR-UTIL

Download the latest versions of both APR and APR-Util from Apache APR,

Assuming download folder is srccode

wget http://mirror.fibergrid.in/apache//apr/apr-1.5.2.tar.gz

wget http://mirror.fibergrid.in/apache//apr/apr-util-1.5.4.tar.gz

extract tarfile in srccode folder only

tar -xvf apr-1.5.2.tar.gz

tar -xvf apr-util-1.5.4.tar.gz

2. Downloading the source code

Download the latest release from http://httpd.apache.org/download.cgi say httpd-2.4.25.tar.gz

wget http://mirror.fibergrid.in/apache//httpd/httpd-2.4.25.tar.gz

extract tarfile in srccode folder only

tar -xvf httpd-2.4.25.tar.gz

Apache HTTP Server needs APR or Apache Portable Runtime for functioning and use -–with-included-apr option to the apache configure script.

copy apr-1.5.2 and apr-util-1.5.4 in httpd-2.4.25/srclib with anme without version apr and apr0util respectivily.

3. Compiling and installing apache

Type below command

Cd srccode/ httpd-2.4.25

./configure –prefix=/home/agni/httpd –with-included-apr

make

make install

4. Post Installation Process

4.1 Apache by default runs as root users. Running the apache as rootuser is insecure and so not advisable.

It is better to run the apache under a system account with limited privileges. So we will create a User and Group for Apache. In the terminal, execute the following command.

$ groupadd apachegrp

$ useradd -M -g apachegrp -d /home apacheusr

set password for apacheursr user

$passwd apacheusr

Go to httpd.cofg file and finf User daemon and Group daemon change this.

User apacheusr

Group apachegrp

4.2 Setting proper permissions for DocumentRoot directory

Apache to access file in htdocs need permissions for user apacheusr and group apachegrp.

Change the Owner and Group of htdocs directory t  apacheusr and apachegrp.

chown -R apacheusr:apachegrp /home/agni/httpd/htdocs

Note: /home/agni/httpd/htdocs is the system DocumentRoot directory.The contents of this directory are usually modified by the standard user from a local machine and no the user have access to this directory.So everytime we have to modify the contents of this directory, we will have to do it as root user and set proper permissions afterwards. This is an inconvenience. Performing the following steps will solve this issue.

Add the standard user’s group as a supplementary group, to the group apachegrp.

Replace GROUPNAME with the name of your primary group.

usermod -G apache GROUPNAME

You must have logged out and logged in again.

Provide write permission to members of apachegrp group, so that the standard user will have write access to the DocumentRoot directory.

chmod -R g+w /usr/local/apache2/htdocs

Still, there is a problem. If the standard user creates a file/directory inside the htdocs directory, the owner will be set to standard user and group will be set to primary group of standard user. As a result, Apache HTTP Server will not have write access to those files/directories unless we set proper permissions as root.

This can be overcome by setting SGID bit on the htdocs directory. This makes the created file/directory to retain the group ownership of directory with SGID under which it was created. Thus Apache HTTP Server will have read&write access to these file/directories. For this, execute the below command in terminal.

find /usr/local/apache2/htdocs -type d -exec chmod g+s {} ;

4.4 Adding the DirectoryIndex type index.htm

DirectoryIndex index.html index.htm

4.5 Enabling htaccess directives

AllowOverride All

4.6 Enabling module mod_rewrite.so

Uncomment the line, so that it looks as shown below.

LoadModule rewrite_module modules/mod_rewrite.so

Source http://howtolamp.com/lamp/httpd/2.4/installing#accounts

That’s all for now. I will be here soon with another intersting topic. Till then stay tuned and connected to Repair Ki Dukan.

Leave a Reply

Your email address will not be published. Required fields are marked *