The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

root httpd process

Discussion in 'General Discussion' started by rhettnet, Jul 18, 2007.

  1. rhettnet

    rhettnet Member

    Joined:
    Jun 15, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Hi All,

    I noted recently that one of my httpd processes is running as root. all of the other processes are running as nobody, which is typical.

    If I kill the httpd process owned by root, all of the httpd processes die with it, cpsrvd detects that Apache has gone down and restarts it. When Apache comes back up, the root process is present again.

    Is this normal behavior for a cPanel / WHM server or is my root httpd process a security concern?

    Thanks in advance for your help and advice.
     
  2. rhettnet

    rhettnet Member

    Joined:
    Jun 15, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    BTW, in case it is helpful, here my grepped ps output:

    Code:
    root     16269  0.0  0.5 23988 10708 ?       Ss   12:51   0:00 /usr/local/apache/bin/httpd -DSSL
    nobody   16274  0.3  0.5 25908 11852 ?       S    12:51   0:02 /usr/local/apache/bin/httpd -DSSL
    nobody   16275  0.3  0.5 26108 12036 ?       S    12:51   0:02 /usr/local/apache/bin/httpd -DSSL
    nobody   16276  0.2  0.5 25688 11616 ?       S    12:51   0:01 /usr/local/apache/bin/httpd -DSSL
    nobody   16277  0.4  0.5 25900 11828 ?       S    12:51   0:02 /usr/local/apache/bin/httpd -DSSL
    nobody   16278  0.2  0.5 25808 11736 ?       S    12:51   0:01 /usr/local/apache/bin/httpd -DSSL
    nobody   16280  0.5  0.5 25908 11796 ?       S    12:51   0:03 /usr/local/apache/bin/httpd -DSSL
    nobody   16281  0.3  0.5 25884 12132 ?       S    12:51   0:02 /usr/local/apache/bin/httpd -DSSL
    nobody   16282  0.3  0.5 25832 11716 ?       S    12:51   0:02 /usr/local/apache/bin/httpd -DSSL
    nobody   16288  0.3  0.5 25808 11672 ?       S    12:51   0:02 /usr/local/apache/bin/httpd -DSSL
    nobody   16294  0.1  0.5 25720 11592 ?       S    12:51   0:00 /usr/local/apache/bin/httpd -DSSL
    nobody   16296  0.3  0.5 25848 12096 ?       S    12:51   0:02 /usr/local/apache/bin/httpd -DSSL
    nobody   16297  0.2  0.5 25944 11796 ?       S    12:51   0:01 /usr/local/apache/bin/httpd -DSSL
    nobody   16784  0.1  0.4 24136 9224 ?        S    13:00   0:00 /usr/local/apache/bin/httpd -DSSL
    nobody   16809  0.3  0.4 24528 10220 ?       S    13:01   0:00 /usr/local/apache/bin/httpd -DSSL
    nobody   16834  0.7  0.5 25728 11396 ?       S    13:01   0:00 /usr/local/apache/bin/httpd -DSSL
    nobody   16852  0.0  0.3 23988 8036 ?        S    13:02   0:00 /usr/local/apache/bin/httpd -DSSL
    root     16854  0.0  0.0  5308  632 pts/0    S+   13:02   0:00 grep httpd
    
    
     
  3. Scotty_B

    Scotty_B Active Member

    Joined:
    Mar 1, 2003
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    The main process has to run as root to bind to port 80, all children will run as nobody. It's normal, in fact, it would be impossible to run it on port 80 of it weren't the case.
     
  4. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Yes this is normal and doing exactly what it is supposed to be doing ...

    No it is not a security concern in and of itself.
     
  5. rhettnet

    rhettnet Member

    Joined:
    Jun 15, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Perfect. Thanks everyone for your help!
     
Loading...

Share This Page