
I want Apache httpd to start when Linux boots, with zero intervention: I don't want to have to type the root password to start the Apache service.

After installing Apache like this:

# ./configure --prefix=/usr/local/httpd ... --with-included-apr --with-included-apr-util -with-pcre=/usr/local/pcre --with-z=/usr/local/zlib
# make
# make install

I did this (I created a user named httpd whose primary group is root):

# useradd -g root -r -c "Httpd User" -s /sbin/nologin httpd
# chown -hvR httpd:root /usr/local/httpd/

I changed the privileges:

# chown -hvR httpd:root /usr/local/httpd/bin/

# ls -ARl --group-directories-first /usr/local/httpd/bin/
/usr/local/httpd/bin/:
total 2004
-rwSr-Sr-x. 1 httpd root  117511 Jul 12 01:29 ab
-rwSr-Sr-x. 1 httpd root    3461 Jul 12 01:07 apachectl
-rwSr-Sr-x. 1 httpd root    7037 Jul 12 01:26 apr-1-config
-rwSr-Sr-x. 1 httpd root    6596 Jul 12 01:27 apu-1-config
-rwSr-Sr-x. 1 httpd root   23523 Jul 12 01:07 apxs
-rwSr-Sr-x. 1 httpd root    9533 Jul 12 01:29 checkgid
-rwSr-Sr-x. 1 httpd root    8925 Jul 12 01:07 dbmmanage
-rwSr-Sr-x. 1 httpd root    1089 Jul 12 01:07 envvars
-rwSr-Sr-x. 1 httpd root    1089 Jul 12 01:07 envvars-std
-rwSr-Sr-x. 1 httpd root   16476 Jul 12 01:29 fcgistarter
-rwSr-Sr-x. 1 httpd root   60832 Jul 12 01:29 htcacheclean
-rwSr-Sr-x. 1 httpd root   33254 Jul 12 01:29 htdbm
-rwSr-Sr-x. 1 httpd root   18193 Jul 12 01:29 htdigest
-rwSr-Sr-x. 1 httpd root   33958 Jul 12 01:29 htpasswd
-rwSr-Sr-x. 1 httpd root 1606472 Jul 12 01:29 httpd
-rwSr-Sr-x. 1 httpd root   16168 Jul 12 01:29 httxt2dbm
-rwSr-Sr-x. 1 httpd root   17904 Jul 12 01:29 logresolve
-rwSr-Sr-x. 1 httpd root   29642 Jul 12 01:29 rotatelogs
# /usr/local/httpd/bin/apachectl start
(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

# chmod -R u=rwx,g=rx,o=rx /usr/local/httpd/bin/
# ls -ARl --group-directories-first /usr/local/httpd/bin/
/usr/local/httpd/bin/:
total 2004
-rwxr-xr-x. 1 httpd root  117511 Jul 12 01:29 ab
-rwxr-xr-x. 1 httpd root    3461 Jul 12 01:07 apachectl
-rwxr-xr-x. 1 httpd root    7037 Jul 12 01:26 apr-1-config
-rwxr-xr-x. 1 httpd root    6596 Jul 12 01:27 apu-1-config
-rwxr-xr-x. 1 httpd root   23523 Jul 12 01:07 apxs
-rwxr-xr-x. 1 httpd root    9533 Jul 12 01:29 checkgid
-rwxr-xr-x. 1 httpd root    8925 Jul 12 01:07 dbmmanage
-rwxr-xr-x. 1 httpd root    1089 Jul 12 01:07 envvars
-rwxr-xr-x. 1 httpd root    1089 Jul 12 01:07 envvars-std
-rwxr-xr-x. 1 httpd root   16476 Jul 12 01:29 fcgistarter
-rwxr-xr-x. 1 httpd root   60832 Jul 12 01:29 htcacheclean
-rwxr-xr-x. 1 httpd root   33254 Jul 12 01:29 htdbm
-rwxr-xr-x. 1 httpd root   18193 Jul 12 01:29 htdigest
-rwxr-xr-x. 1 httpd root   33958 Jul 12 01:29 htpasswd
-rwxr-xr-x. 1 httpd root 1606472 Jul 12 01:29 httpd
-rwxr-xr-x. 1 httpd root   16168 Jul 12 01:29 httxt2dbm
-rwxr-xr-x. 1 httpd root   17904 Jul 12 01:29 logresolve
-rwxr-xr-x. 1 httpd root   29642 Jul 12 01:29 rotatelogs
# 

Another attempt:

# /bin/su -p -s /bin/sh httpd /usr/local/httpd/bin/apachectl start
(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

For this reason I created a service script; a shortened version looks like this:

# Installation prefix of the httpd build; apachectl is run from its bin/ directory.
SERVICE_HOME="/usr/local/httpd"
# Account the service is started as through su.
SERVICE_USER="httpd"
# Display name used in the status messages.
SERVICE_NAME="Httpd"
# Not read by the part of the script shown here; presumably the number of
# seconds to wait on shutdown. Confirm against the stop logic.
SHUTDOWN_WAIT="20"

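# Print the PID of the first process that is owned by $SERVICE_USER and whose
# command line mentions $SERVICE_HOME; print nothing when there is none.
#
# Globals:  SERVICE_USER (read), SERVICE_HOME (read)
# Outputs:  one PID on stdout, or nothing
# Returns:  always 0, so callers using pid=$(service_pid) never see a failure
#
# The list is restricted by owner with `ps -u` instead of grepping `ps aux`
# for the user name. A substring match on the whole line also hits processes
# of other users (root included) whose arguments merely contain the name or
# the path, and any caller that acts on the returned PID would then act on
# the wrong process.
service_pid() {
  ps -u "$SERVICE_USER" -o pid= -o args= |
    while read -r candidate_pid candidate_args; do
      case "$candidate_args" in
        *"$SERVICE_HOME"*)
          printf '%s\n' "$candidate_pid"
          break
          ;;
      esac
    done
  # ps exits non-zero when the user owns no processes; "not running" is a
  # normal answer here, not an error.
  return 0
}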

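# Start httpd as $SERVICE_USER unless service_pid already reports a process.
#
# Globals:  SERVICE_NAME, SERVICE_USER, SERVICE_HOME (read); pid (written)
# Outputs:  one status line on stdout, plus whatever apachectl prints
# Returns:  0 when the service is already running, otherwise the exit status
#           of the su/apachectl invocation, so a failed start is no longer
#           reported as success
start() {
  # pid stays a global, as before, in case other parts of the script read it.
  pid=$(service_pid)
  if [ -n "$pid" ]; then
    echo "$SERVICE_NAME is already running (pid: $pid)"
    return 0
  fi

  echo "Starting $SERVICE_NAME"
  # Arguments after the user name are handed to the -s shell, so /bin/sh reads
  # apachectl as a script with "start" as its argument. -p keeps the caller's
  # environment for the unprivileged process.
  # An unprivileged user cannot bind a port below 1024, which is why this
  # fails with "Permission denied" for a Listen on port 80.
  /bin/su -p -s /bin/sh "$SERVICE_USER" "$SERVICE_HOME/bin/apachectl" start
  # authbind variant: a binary wrapper cannot be passed positionally, because
  # sh would try to read it as a script ("cannot execute binary file"); it
  # needs the -c form:
  #/bin/su -p -s /bin/sh "$SERVICE_USER" -c "authbind $SERVICE_HOME/bin/apachectl start"
}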

But it did not work.

I was trying with authbind:

http://ftp.debian.org/debian/pool/main/a/authbind/authbind_1.2.0.tar.gz

# tar zxvf /.../authbind_1.2.0.tar.gz -C /usr/local/
# cd /usr/local/authbind-1.2.0
# make
# make install

# ls -ARl /etc/authbind/
/etc/authbind/:
total 12
drwxr-xr-x. 2 root root 4096 Jul 12 13:34 byaddr
drwxr-xr-x. 2 root root 4096 Jul 12 13:34 byport
drwxr-xr-x. 2 root root 4096 Jul 12 13:34 byuid

/etc/authbind/byaddr:
total 0

/etc/authbind/byport:
total 0

/etc/authbind/byuid:
total 0
# 

# touch /etc/authbind/byport/80
# chown httpd:root /etc/authbind/byport/80
# chmod 755 /etc/authbind/byport/80

Testing from the prompt (I need Apache to start as the httpd user):

# /bin/su -p -s /bin/sh httpd authbind /usr/local/httpd/bin/apachectl start
/usr/local/bin/authbind: /usr/local/bin/authbind: cannot execute binary file
# /bin/su -p -s /bin/sh httpd exec authbind /usr/local/httpd/bin/apachectl start
sh: exec: No such file or directory
# /bin/su -p -s /bin/sh httpd exec authbind --deep /usr/local/http/bin/apachectl start
/bin/su: unrecognized option '--deep'
Try `/bin/su --help' for more information.
# 

Question 1:

Does authbind work in a RHEL/CentOS/Fedora environment?


Question 2:

What should my commands be? Is exec or --deep needed together with authbind?


Testing authbind as the root user works without problems:

# authbind /usr/local/httpd/bin/apachectl start
# authbind /usr/local/httpd/bin/apachectl stop
#

Question 3:

Are /bin/su, -p, -s and /bin/sh needed with the httpd user?

QA_Col
  • What are you trying to achieve? If you want to start Apache at boot, this is possible without the use of authbind. Also, why are you installing Apache from source? `yum install httpd` should be all you need to do... – mjturner Jul 12 '15 at 20:23
  • If you need to install a newer version of Apache, build an RPM and install that, using the source of the CentOS package as a starting point. Then you'll have the correct init scripts, etc. You should never ever install binaries from source on a package-based Linux distribution. – mjturner Jul 12 '15 at 20:28
  • I'm installing Apache from a binary "tar.gz"; I'm testing recent releases (newer versions) – QA_Col Jul 12 '15 at 20:29
  • I'm obstinate about working with the binary source, and I don't want to abandon this line of questioning, but your proposal is very interesting to me (if you have a link for it, please give it to me).... – QA_Col Jul 12 '15 at 20:33
  • This may give you a starting point - http://unix.stackexchange.com/a/121012/5186. Also, check that there isn't the version of Apache you need in one of the [extra repositories](http://wiki.centos.org/AdditionalResources/Repositories) for CentOS. – mjturner Jul 12 '15 at 20:36

1 Answer


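You must use a newer version of authbind that supports IPv6. The links below are plain HTTP/FTP and one is a third-party mirror, so check the tarball against the checksums published in the Debian archive before building and installing it as root: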
http://ftp.debian.org/debian/pool/main/a/authbind/

or

http://www.filewatcher.com/m/authbind_2.1.1.tar.gz.14407-0.html

ftp://ftp.debian.com/debian/pool/main/a/authbind/authbind_2.1.1.tar.gz

tar zxvf /home/.../authbind_2.1.1.tar.gz -C /your/path/
cd /your/path/authbind-2.1.1
make
make install

About the user and group: the user does not need to belong to the root group, and leaving it out keeps the service account from getting group-root access to other files:

useradd -r -c "Httpd User" -s /sbin/nologin httpd
chown -hR httpd: /usr/local/httpd/

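Now, the authbind configuration for port 80. authbind authorises any user who can execute this file, so mode 755 lets every local user bind port 80, while 500 would restrict it to the owner: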

touch /etc/authbind/byport/80
chown httpd: /etc/authbind/byport/80
chmod 755 /etc/authbind/byport/80

Answer 1

I have seen several authbind tutorials for CentOS, RHEL and Fedora, and it works there, so the answer is yes.

Answer 2

To start the server, try this in your script:

/bin/su -p -s /bin/sh httpd -c "/usr/local/bin/authbind /usr/local/httpd/bin/apachectl start"

or

/bin/su -p -s /bin/sh $SERVICE_USER -c "/usr/local/bin/authbind $SERVICE_HOME/bin/apachectl start"

To stop the server, try this in your script:

/bin/su -p -s /bin/sh httpd -c "/usr/local/bin/authbind /usr/local/httpd/bin/apachectl stop"

or

/bin/su -p -s /bin/sh $SERVICE_USER -c "/usr/local/bin/authbind $SERVICE_HOME/bin/apachectl stop"

Answer 3

Regarding your Question 3, please check the documentation for su and sh.

joseluisbz