Hitachi

uCosminexus Application Server HTTP Server User Guide

2.4.4 Operation by general user account

For HTTP Server, normal operation is assumed to be operation by the superuser.

When HTTP Server is installed, various settings are configured for operation by the superuser.

Thus, when users other than the superuser (hereafter referred to as general users) operate HTTP Server, they need to change the settings file for HTTP Server and settings in related directories and files. For some functionality in HTTP Server, some operations are restricted from general users.

This section describes the differences between the superuser and general users, and methods to create an environment for general users to operate HTTP Server, and the restrictions thereof.

Organization of this subsection

(1) Permissions for each process

The following table lists the permissions of each process for operation by the superuser or general users.

Table 2‒2: Permissions for each process

No.

Process

Operation by the superuser

Operation by general users

1

Control process

Superuser

General user

2

rotatelogs and rotatelogs2 processes

3

Server process

Users or groups specified in the User and Group directives

4

CGI process

To Page Top

(2) Differences between the superuser and general users in UNIX

In UNIX, unlike general users, the superuser has system administrator permissions. The following table lists examples of the differences between the superuser and general users in UNIX.

Table 2‒3: Example differences between the superuser and general users in UNIX

No.

Item

Superuser

General user

1

Can stop processes that were started by users?

Yes

No

2

Can open well-known ports (ports 1023 and lower)?

Yes

No

3

Can access files that do not explicitly have read or write permissions?

Yes

No

If a general user operates HTTP Server, because the control process in HTTP Server operates with general user permission, the behavior in this case might differ from operation by the superuser. Therefore, if a general user operates HTTP Server, the user needs to create an environment while considering the differences with the superuser.

To Page Top

(3) Changing resource owners and groups

In UNIX, you can change resource owners and groups for content and settings files for HTTP Server, and for files and directories accessed by HTTP Server during operation.

At the minimum, you will need to change the resources under the installation directory (/opt/hitachi/httpsd).

If you want to restore resource owners and groups to the previous settings, save the owners and groups for the current resources before making changes.

The superuser can save owners and groups. The following is an example of how to do this.

Example:

For the resources under the /opt/hitachi/httpsd directory, create a list of owners and groups. 

ls -laR /opt/hitachi/httpsd

The superuser can change owners and groups. The following is an example of how to do this.

Example:

For the resources under the /opt/hitachi/httpsd directory, change the owner (hwsuser) and the group. 

chown -R hwsuser:hwsgroup /opt/hitachi/httpsd

To Page Top

(4) Starting httpsd

Use the general user who operates HTTP Server to start httpsd.

To stop or restart httpsd, use the general user who started httpsd.

To Page Top

(5) Restrictions

The commands below cannot be operated by general users. Operate these commands as the superuser.

In operation by general users, the following directives cannot be specified. Any directive specified by general users is ignored.

In operation by general users, well-known ports (ports 1023 and lower) cannot be opened.

Be careful when specifying the port number in the following directives:

To Page Top

Trademarks

All Rights Reserved. Copyright (C) 2022, Hitachi, Ltd.