For Cosminexus HTTP Server, normal operation is assumed to be operation by the superuser.
When Cosminexus HTTP Server is installed, various settings are configured for operation by the superuser.
Thus, when users other than the superuser (hereafter referred to as general users) operate Cosminexus HTTP Server, they need to change the settings file for Cosminexus HTTP Server and settings in related directories and files. For some functionality in Cosminexus HTTP Server, some operations are restricted from general users.
This section describes the differences between the superuser and general users, and methods to create an environment for general users to operate Cosminexus HTTP Server, and the restrictions thereof.
The following table lists the permissions of each process for operation by the superuser or general users.
Table 2-2 Permissions for each process
No. | Process | Operation by the superuser | Operation by general users |
---|---|---|---|
1 | Control process | Superuser | General user |
2 | rotatelogs and rotatelogs2 processes | ||
3 | Server process | Users or groups specified in the User and Group directives | |
4 | CGI process | ||
5 | gcache server |
In UNIX, unlike general users, the superuser has system administrator permissions. The following table lists examples of the differences between the superuser and general users in UNIX.
Table 2-3 Table Example differences between the superuser and general users in UNIX
No. | Item | Superuser | General user |
---|---|---|---|
1 | Can stop processes that were started by users? | Yes | No |
2 | Can open well-known ports (ports 1023 and lower)? | Yes | No |
3 | Can access files that do not explicitly have read or write permissions? | Yes | No |
If a general user operates Cosminexus HTTP Server, because the control process in Cosminexus HTTP Server operates with general user permission, the behavior in this case might differ from operation by the superuser. Therefore, if a general user operates Cosminexus HTTP Server, the user needs to create an environment while considering the differences with the superuser.
In UNIX, you can change resource owners and groups for content and settings files for Cosminexus HTTP Server, and for files and directories accessed by Cosminexus HTTP Server during operation.
At the minimum, you will need to change the resources under the installation directory (/opt/hitachi/httpsd).
If you want to restore resource owners and groups to the previous settings, save the owners and groups for the current resources before making changes.
The superuser can save owners and groups. The following is an example of how to do this.
Example:
For the resources under the /opt/hitachi/httpsd directory, create a list of owners and groups.
ls laR /opt/hitachi/httpsd |
The superuser can change owners and groups. The following is an example of how to do this.
Example:
For the resources under the /opt/hitachi/httpsd directory, change the owner (hwsuser) and the group.
chown R hwsuser:hwsgroup /opt/hitachi/httpsd |
Use the general user who operates Cosminexus HTTP Server to start httpsd.
To stop or restart httpsd, use the general user who started httpsd.
The commands below cannot be operated by general users. Operate these commands as the superuser.
In operation by general users, the following directives cannot be specified. Any directive specified by general users is ignored.
In operation by general users, well-known ports (ports 1023 and lower) cannot be opened.
Be careful when specifying the port number in the following directives: