2.4.4 Operation by general user account

For Cosminexus HTTP Server, normal operation is assumed to be operation by the superuser.

When Cosminexus HTTP Server is installed, various settings are configured for operation by the superuser.

Thus, when users other than the superuser (hereafter referred to as general users) operate Cosminexus HTTP Server, they need to change the settings file for Cosminexus HTTP Server and settings in related directories and files. For some functionality in Cosminexus HTTP Server, some operations are restricted from general users.

This section describes the differences between the superuser and general users, and methods to create an environment for general users to operate Cosminexus HTTP Server, and the restrictions thereof.

Organization of this subsection
(1) Permissions for each process
(2) Differences between the superuser and general users in UNIX
(3) Changing resource owners and groups
(4) Starting httpsd
(5) Restrictions

(1) Permissions for each process

The following table lists the permissions of each process for operation by the superuser or general users.

Table 2-2 Permissions for each process

No.ProcessOperation by the superuserOperation by general users
1Control processSuperuserGeneral user
2rotatelogs and rotatelogs2 processes
3Server processUsers or groups specified in the User and Group directives
4CGI process
5gcache server

(2) Differences between the superuser and general users in UNIX

In UNIX, unlike general users, the superuser has system administrator permissions. The following table lists examples of the differences between the superuser and general users in UNIX.

Table 2-3 Table Example differences between the superuser and general users in UNIX

No.ItemSuperuserGeneral user
1Can stop processes that were started by users?YesNo
2Can open well-known ports (ports 1023 and lower)?YesNo
3Can access files that do not explicitly have read or write permissions?YesNo

If a general user operates Cosminexus HTTP Server, because the control process in Cosminexus HTTP Server operates with general user permission, the behavior in this case might differ from operation by the superuser. Therefore, if a general user operates Cosminexus HTTP Server, the user needs to create an environment while considering the differences with the superuser.

(3) Changing resource owners and groups

In UNIX, you can change resource owners and groups for content and settings files for Cosminexus HTTP Server, and for files and directories accessed by Cosminexus HTTP Server during operation.

At the minimum, you will need to change the resources under the installation directory (/opt/hitachi/httpsd).

If you want to restore resource owners and groups to the previous settings, save the owners and groups for the current resources before making changes.

The superuser can save owners and groups. The following is an example of how to do this.

Example:

For the resources under the /opt/hitachi/httpsd directory, create a list of owners and groups.

ls laR /opt/hitachi/httpsd

The superuser can change owners and groups. The following is an example of how to do this.

Example:

For the resources under the /opt/hitachi/httpsd directory, change the owner (hwsuser) and the group.

chown R hwsuser:hwsgroup /opt/hitachi/httpsd

(4) Starting httpsd

Use the general user who operates Cosminexus HTTP Server to start httpsd.

To stop or restart httpsd, use the general user who started httpsd.

(5) Restrictions

The commands below cannot be operated by general users. Operate these commands as the superuser.

In operation by general users, the following directives cannot be specified. Any directive specified by general users is ignored.

In operation by general users, well-known ports (ports 1023 and lower) cannot be opened.

Be careful when specifying the port number in the following directives: