Page 239 - DCAP602_NETWORK_OPERATING_SYSTEMS_I
P. 239

Unit 12: Server Role: Linux as Web Server




          You can control an Apache service by its command line switches, too. To start an installed Apache   notes
          service you’ll use this:
          httpd -k start
          To stop an Apache service via the command line switches, use this:

          httpd -k stop
          or

          httpd -k shutdown
          You can also restart a running service and force it to revise its configuration file by using:

          httpd -k restart
          By default, all Apache services are indexed to run as the system user (the LocalSystem account).
          The LocalSystem account has no privileges to your network via any Windows-secured mechanism,
          including the file system, named pipes, DCOM, or secure RPC. It has, however, wide privileges
          locally.


             Did u know?  Is Apache comes with a value called the Apache Service Monitor?
          Never grant any network privileges to the LocalSystem account! If you need Apache to be capable
          to access network resources, create a separate account for Apache as noted below.
          You may want to create a separate account for running Apache service(s). Specially, if you have
          to access network resources via Apache, this is strongly recommended.

          Create a normal domain user account, and be sure to learn its password.
          Grant the newly-created user a freedom of Log on as a service and Act as part of the operating
          system. On Windows NT 4.0 these privileges are granted via User Manager for Domains, but on
          Windows 2000 and XP you probably want to use Group Policy for propagating these settings.
          You can also manually set these via the Local Security Policy MMC snap-in.

          Verify that the created account is a member of the Users group.
          Grant the account read and execute (RX) rights to all document and script folders (htdocs and
          cgi-bin for example).
          Grant the account change (RWXD) rights to the Apache logs directory.

          Grant the account read and execute (RX) rights to the Apache.exe binary executable.
          It is generally a good practice to grant the user the Apache service runs as read and execute (RX)
          access to the whole Apache2 directory, except the logs subdirectory, where the user has to have
          at least change (RWXD) rights.
          If you allow the account to log in as a user and as a service, then you can log on with that account
          and test that the account has the privileges to perform the scripts, read the web pages, and that
          you can start Apache in a console window. If this works, and you have followed the steps above,
          Apache should execute as a service with no problems.

          Error code 2186 is a good sign that you need to review the “Log On As” configuration for the
          service, since Apache cannot access a required network resource. Also, pay close attention to the
          privileges of the user Apache is configured to run as.

          As starting Apache as a service you may encounter an error message from the Windows Service
          Control Manager. For example, if you try to start Apache by using the Services applet in the
          Windows Control Panel, you may get the following message:




                                           LoveLy professionaL university                                   233
   234   235   236   237   238   239   240   241   242   243   244