Hi all,
I'm trying to configure Apache2 with RBAC for reduce some privileges and run this service only with user webservd
...but the parent process (root) still exists!
my steps:
...and obviously...
What's wrong?
Any idea?
PS: sorry about my english
I'm trying to configure Apache2 with RBAC for reduce some privileges and run this service only with user webservd
...but the parent process (root) still exists!
my steps:
Code:
[b]# svcadm -v disable -s apache2[/b]
[b]# svccfg -s apache2[/b]
svc:/network/http:apache2> setprop start/user = astring: webservd
svc:/network/http:apache2> setprop start/group = astring: webservd
svc:/network/http:apache2> setprop start/privileges = astring: basic,!proc_session,!proc_info,!file_link_any,net_privaddr
svc:/network/http:apache2> end
[b]# svcadm -v refresh apache2[/b]
[b]# svcprop apache2 | grep ^start[/b]
startd/ignore_error astring core,signal
start/exec astring /lib/svc/method/http-apache2\ start
start/timeout_seconds count 60
start/type astring method
[COLOR=blue]start/user astring webservd
start/group astring webservd
start/privileges astring basic,!proc_session,!proc_info,!file_link_any,net_privaddr[/color]
[b]# svcadm -v enable -s apache2[/b]
[b]# ps -ef | grep apache2[/b]
webservd 4205 4204 0 19:03:22 ? 0:00 /usr/apache2/bin/httpd -k start
[COLOR=red][b]root 4204 1 0 19:03:21 ? 0:00 /usr/apache2/bin/httpd -k start[/b][/color]
webservd 4209 4204 0 19:03:22 ? 0:00 /usr/apache2/bin/httpd -k start
webservd 4208 4204 0 19:03:22 ? 0:00 /usr/apache2/bin/httpd -k start
webservd 4206 4204 0 19:03:22 ? 0:00 /usr/apache2/bin/httpd -k start
webservd 4207 4204 0 19:03:22 ? 0:00 /usr/apache2/bin/httpd -k start
Code:
[b]# ppriv 4204[/b]
4204: /usr/apache2/bin/httpd -k start
flags = <none>
E: all
I: basic
P: all
L: allAny idea?
PS: sorry about my english