I need help to start apache in following scenario:
1) Say apache is installed on solaris OS by user 'root'.
2) An entry is there in httpd.conf that says to start apache process as user: #User <RUN_AS_USER> is edited as
User user1
2) Now say user2 has logged and tries to start apache process. Now whosoever tries to start Apache, it should always gets start as user1.
We are only able to start apache as a 'root' user.
That's correct. Only processes launched as the 'root' user may change the user to something else (Which is what Apache is trying to do with that configuration line.) In order to start Apache in such a way, you need to use something like the "sudo" package. In the sudoers configuration file, you might add a line like this:
The reason that directive exist, is that only the apache-processes that serve out pages run as a different user. Did you notice that one process always runs as root (when started as root)? The other child-processes run as a different user.
When there is a compromise of your system, the intruder will have the privileges of the apache-user and not root. Always make sure that your apache-user has no more rights than it needs...
it might be a little easier to understand with this:
httpd.conf
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User www
Group www