24.4. Server Settings
The Server tab allows you to configure basic server settings. The default settings for these options are appropriate for most situations.
Figure 24.10. Server Configuration
The Lock File value corresponds to the LockFile directive. This directive sets the path to the lockfile used when the server is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be stored on the local disk. It should be left at the default value unless the logs directory is located on an NFS share. If this is the case, the default value should be changed to a location on the local disk and to a directory that is readable only by root.
The PID File value corresponds to the PidFile directive. This directive sets the file in which the server records its process ID (pid). This file should only be readable by root. In most cases, it should be left at the default value.
The Core Dump Directory value corresponds to the CoreDumpDirectory directive. The Apache HTTP Server tries to switch to this directory before executing a core dump. The default value is the ServerRoot. However, if the user that the server runs as cannot write to this directory, the core dump cannot be written. If you want to write core dumps to disk for debugging purposes, change this value to a directory writable by the user the server runs as.
The User value corresponds to the User directive. It sets the userid used by the server to answer requests. This user's settings determine the server's access. Any files inaccessible to this user are also inaccessible to your website's visitors. The default for User is apache.
The user should have only the privileges needed to access files that are meant to be visible to the outside world. The user is also the owner of any CGI processes spawned by the server. The user should not be allowed to execute any code that is not intended to run in response to HTTP requests.
Warning
Unless you know exactly what you are doing, do not set the User directive to root. Using root as the User creates large security holes for your Web server.
The parent httpd process first runs as root during normal operations, but is then immediately handed off to the apache user. The server must start as root because it needs to bind to a port below 1024. Ports below 1024 are reserved for system use, so they cannot be used by anyone but root. Once the server has attached itself to its port, however, it hands the process off to the apache user before it accepts any connection requests.
The Group value corresponds to the Group directive. The Group directive is similar to the User directive. Group sets the group under which the server answers requests. The default group is also apache.
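The recommendations above for User, LockFile and PidFile can be checked against a configuration file with a short script. This is an added example, not part of the original documentation or of the configuration tool; the sample configuration is constructed, and the function names, the injectable stat_fn parameter and the fallback ServerRoot of /etc/httpd are assumptions made for the example.

```python
import os
import stat

# Constructed sample config for illustration; not taken from the original page.
SAMPLE_CONF = """\
ServerRoot "/etc/httpd"
User root
Group apache
LockFile /var/lock/httpd/accept.lock
PidFile run/httpd.pid
"""

WATCHED = {"serverroot", "user", "group", "lockfile", "pidfile"}

def parse_directives(conf_text):
    """Return {lowercased directive: value}; the last occurrence wins."""
    found = {}
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#") and parts[0].lower() in WATCHED:
            found[parts[0].lower()] = parts[1].strip().strip('"')
    return found

def root_only(st):
    """True when the owner is uid 0 and group/other have no permission bits."""
    return st.st_uid == 0 and not st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)

def audit(conf_text, stat_fn=os.stat):
    """Return a list of findings for the settings discussed in this section."""
    d = parse_directives(conf_text)
    root = d.get("serverroot", "/etc/httpd")  # assumed fallback ServerRoot
    findings = []
    if d.get("user") in ("root", "#0"):  # "#0" is the numeric form of root
        findings.append("User: server answers requests as root")
    targets = []
    if "lockfile" in d:  # the section asks for a root-only *directory*
        lock_dir = os.path.dirname(os.path.join(root, d["lockfile"]))
        targets.append(("LockFile directory", lock_dir))
    if "pidfile" in d:   # and a root-only PID *file*
        targets.append(("PidFile", os.path.join(root, d["pidfile"])))
    for label, path in targets:
        try:
            if not root_only(stat_fn(path)):
                findings.append(f"{label}: {path} is not restricted to root")
        except OSError:
            pass  # path absent (e.g. server not running): nothing to check
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

Relative paths are resolved against ServerRoot, and a missing PID file is skipped rather than reported because the file exists only while the server is running.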