|Red Hat Enterprise Linux 4: System Administration Guide
|Chapter 25. Apache HTTP Server Configuration
The Server tab allows you to configure basic server settings. The default settings for these options are appropriate for most situations.
The Lock File value corresponds to the LockFile directive. This directive sets the path to the lockfile used when the server is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be stored on the local disk. It should be left to the default value unless the logs directory is located on an NFS share. If this is the case, the default value should be changed to a location on the local disk and to a directory that is readable only by root.
The PID File value corresponds to the PidFile directive. This directive sets the file in which the server records its process ID (pid). This file should only be readable by root. In most cases, it should be left to the default value.
The Core Dump Directory value corresponds to the CoreDumpDirectory directive. The Apache HTTP Server tries to switch to this directory before executing a core dump. The default value is the ServerRoot. However, if the user that the server runs as can not write to this directory, the core dump can not be written. Change this value to a directory writable by the user the server runs as, if you want to write the core dumps to disk for debugging purposes.
The User value corresponds to the User directive. It sets the userid used by the server to answer requests. This user's settings determine the server's access. Any files inaccessible to this user are also inaccessible to your website's visitors. The default for User is apache.
The user should only have privileges so that it can access files which are supposed to be visible to the outside world. The user is also the owner of any CGI processes spawned by the server. The user should not be allowed to execute any code which is not intended to be in response to HTTP requests.
Unless you know exactly what you are doing, do not set the User directive to root. Using root as the User creates large security holes for your Web server.
The parent httpd process first runs as root during normal operations, but is then immediately handed off to the apache user. The server must start as root because it needs to bind to a port below 1024. Ports below 1024 are reserved for system use, so they can not be used by anyone but root. Once the server has attached itself to its port, however, it hands the process off to the apache user before it accepts any connection requests.
The Group value corresponds to the Group directive. The Group directive is similar to the User directive. Group sets the group under which the server answers requests. The default group is also apache.