24.4. Server Settings
The Server tab allows you to configure basic server settings. The default settings for these options are appropriate for most situations.
Figure 24.10. Server Configuration
The Lock File value corresponds to the
LockFiledirective. This directive sets the path to the lockfile used when the server is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be stored on the local disk. It should be left to the default value unless the
logsdirectory is located on an NFS share. If this is the case, the default value should be changed to a location on the local disk and to a directory that is readable only by root.
The PID File value corresponds to the
PidFiledirective. This directive sets the file in which the server records its process ID (pid). This file should only be readable by root. In most cases, it should be left to the default value.
The Core Dump Directory value corresponds to the
CoreDumpDirectorydirective. The Apache HTTP Server tries to switch to this directory before executing a core dump. The default value is the
ServerRoot. However, if the user that the server runs as can not write to this directory, the core dump can not be written. Change this value to a directory writable by the user the server runs as, if you want to write the core dumps to disk for debugging purposes.
The User value corresponds to the
Userdirective. It sets the userid used by the server to answer requests. This user's settings determine the server's access. Any files inaccessible to this user are also inaccessible to your website's visitors. The default for
The user should only have privileges so that it can access files which are supposed to be visible to the outside world. The user is also the owner of any CGI processes spawned by the server. The user should not be allowed to execute any code which is not intended to be in response to HTTP requests.
Unless you know exactly what you are doing, do not set the
Userdirective to root. Using root as the
Usercreates large security holes for your Web server.
httpdprocess first runs as root during normal operations, but is then immediately handed off to the apache user. The server must start as root because it needs to bind to a port below 1024. Ports below 1024 are reserved for system use, so they can not be used by anyone but root. Once the server has attached itself to its port, however, it hands the process off to the apache user before it accepts any connection requests.
The Group value corresponds to the
Groupdirective is similar to the
Groupsets the group under which the server answers requests. The default group is also apache.