openSUSE 11.4 Apache2 ignoring uid.conf options

I am trying to install BackupPC on openSUSE 11.4 64 bit.

BackupPC is complaining that I am not running the Apache server as user backuppc but as user with id 0 (root)

I have the following in the /etc/apache2/uid.conf (which is getting read as I can put a syntax error in the file and it complains):

User backuppc
Group www

When I run either the httpd2-itk (default in rcapache2) or the plain httpd2 processes and then do a:

ps aux

The user reported as running the http processes is root NOT backuppc.

On a openSUSE 11.3 machine where I have BackupPC running successfully the ps command returns backuppc as the user running the processes.

Is this something others are seeing or do I have some configuration incorrect?


Did you create an account called backuppc?

Thanks for the reply.

Yes, the user has been created as per the BackupPC instructions.

I have just done some further experimentation by changing the user BackupPC is expecting to use to root and the error disappears (But this is very unsecure according to BackupPC documentation). So it is looking like the Apache process is not switching user as it should.

Will try some further experimentation.


I have no problems when I change the User to myself and restart apache. ps aux shows that I am the owner of the processes. I’d concentrate on why apache is not switching users.

Cheers for that… I will do that and report results. Just fighting with the new 11.4 update process to make sure I have all the latest updates etc. :slight_smile:

Again thanks

My Solution:

Found that the ITK version of Apache (httpd2-itk) server is experimental and one of it features is to allow virtual hosts to run under separate UIDs and GIDs. As I was having issues in this area. I uninstalled the ITK Apache server, via YaST, and reinstalled the standard Apache2 (httpd2-prefork), made sure that the uid.conf file was how I wanted it and ran the server up. Now the ps aux command shows the apache processes running as the user defined in the uid.conf. And BackupPC now works. :slight_smile:

Note to Novell on this. Out of the box the configuration for the ITK version of Apache is running insecurely… it is ignoring the default wwwrun user and using root, is this a possible security issue?


Perhaps the ITK version needs to run as root to be able to do what it does? A uid switch is a privileged syscall.


I am thinking that maybe it needs the root level to start, this is what I understand these sort of processes need to do, to open ports below 1024 etc., and then it should switch to lower level privileges. However, even if I am NOT using vhosts the “default-server” to me should still drop level once initalised. ?? As this is experimental maybe some default config/option elsewhere in the configuration is not right? Wondering if I should open a bug on this as there did not seem to be any open in this area that I could see.

Thanks again for your help.

I think this is how it works. Once switched to a non-root UID, it cannot switch to another UID. Therefore the master ITK server has to run as root to be able to run various children under different UIDs. Better read the ITK doco so you don’t get embarrassed after filing a “bug” report.