Updated 14 July 2006

© 2006  LogiQwest, Inc. All rights reserved.

Enabling Apache Web Server

Introduction

The Apache Web Server is included as a standard package as part of Solaris. It is installed in three new directories:

  • /usr/apache
  • /var/apache
  • /etc/apache

Enabling the Apache Web Server

The Apache web server will not start unless a properly configured httpd.conf file exists. This file is located under the /etc/apache directory.

When the Apache web server is first installed, there is no httpd.conf file. One must create it by copying the existing httpd.conf-example in the same directory to httpd.conf.

#cd /etc/apache
#cp httpd.conf-example httpd.conf

The following minimum edits should be made to the file to support any DNS environment where the web server is to be enabled.

httpd.conf

From

ServerAdmin
#ServerName

To

ServerAdmin <admin email address>
ServerName <your server DNS name>

Adding CGI-BIN Capability

Enabling CGI-BIN execution requires that the following changes be made to the httpd.conf file:

httpd.conf

From

#AddHandler cgi-script .cgi
Options Indexes FollowSymLinks MultiViews

To

AddHandler cgi-script .cgi
Options Indexes FollowSymLinks MultiViews ExecCGI

Making these changes allows any CGI program located under the Apache web server's default document root directory (the DocumentRoot setting) to be executed.

Note: To disable automatic directory listing, see "General Security Concerns" at the end of this document.

Create a Web User

Creating a web user is only for security purposes and is not necessary for running the web server.

By default the Apache web server runs as the user nobody and belongs to the group nobody. This is defined in the /etc/apache/httpd.conf file. Therefore the user nobody must be able to execute the CGI programs and read and write the files that the programs may require.

q-Status™ is delivered with all of its program files owned by a user called "www" and a group called "www", both assigned the ID 70.

owner            group
/etc/passwd      /etc/group
www:x:70:70:     www::70:

This user and group should be added to the Solaris system if they do not already exist. Below is a simple example of how this is performed.

Edit /etc/passwd entry:

www:x:70:70:World Wide Web Server:/usr/apache:/usr/bin/false

Edit /etc/shadow entry:

www:*LK*:12743::::::

Run the Unix command pwconv after creating the entry in the /etc/passwd file. This will create the "www" entry in the /etc/shadow file with an "x" in the password field. Change the "x" to "*LK*".

Edit /etc/group entry:

www::70:

Make the directory /var/apache/htdocs owned by "www" and the group "www".

Change the user and group in the /etc/apache/httpd.conf file from their default values to the new owner and group.

httpd.conf

From

User nobody
Group nobody

To

User www
Group www

The Apache web server must be started or restarted for any changes in the httpd.conf file to take effect.
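
A check for the account entries described in this section, as an added example that is not part of q-Status. It assumes the "www" entries shown above; the function name and the temporary sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not q-Status code. Checks the web account described above.
# Usage: check_web_account NAME PASSWD_FILE SHADOW_FILE GROUP_FILE
# Prints one finding per problem and nothing when the account matches the page.
check_web_account() {
    acct=$1
    pw=$(grep "^$acct:" "$2") || { echo "$acct: no passwd entry"; return 0; }
    gid=$(echo "$pw" | cut -d: -f4)
    shell=$(echo "$pw" | cut -d: -f7)
    lock=$(grep "^$acct:" "$3" | cut -d: -f2)
    grp=$(awk -F: -v g="$gid" '$3 == g { print $1 }' "$4")
    # pwconv leaves "x" in this field; the page changes it to *LK* (locked)
    [ "$lock" = "*LK*" ] || echo "$acct: shadow password field is '$lock', not *LK*"
    case $shell in
        /usr/bin/false|/bin/false) ;;
        *) echo "$acct: shell is '$shell', expected /usr/bin/false" ;;
    esac
    [ -n "$grp" ] || echo "$acct: GID $gid has no entry in the group file"
    return 0
}

# Constructed sample files: the state right after pwconv, and after the edit to *LK*.
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
echo 'www:x:70:70:World Wide Web Server:/usr/apache:/usr/bin/false' > "$d/passwd"
echo 'www::70:'             > "$d/group"
echo 'www:x:12743::::::'    > "$d/shadow.pwconv"
echo 'www:*LK*:12743::::::' > "$d/shadow.locked"

check_web_account www "$d/passwd" "$d/shadow.pwconv" "$d/group"   # one finding
check_web_account www "$d/passwd" "$d/shadow.locked" "$d/group"   # no output
```

On a live system, run it as root against /etc/passwd, /etc/shadow and /etc/group.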

Starting the Web Server

Use the apachectl in the /usr/apache/bin directory to start and stop the web server. To start the web server, as "root" execute the command below with the start option:

#/usr/apache/bin/apachectl start
apachectl start: httpd started

If the web server is already running use the restart option instead.

#/usr/apache/bin/apachectl restart
/usr/apache/bin/apachectl restart: httpd restarted

If an error occurs when you try to start or restart the web server, you can use the configtest option to check the configuration syntax.

#/usr/apache/bin/apachectl configtest
Syntax OK

If no error message occurs, the web server is configured properly.

The ps command can be used to verify that the web server is running:

#ps -ef | grep httpd
  root   268     1   /usr/local/apache/sbin/httpd -f
                                  /usr/local/apache/etc/httpd.conf
nobody   273   268   /usr/local/apache/sbin/httpd -f
                                  /usr/local/apache/etc/httpd.conf 
nobody   274   268   /usr/local/apache/sbin/httpd -f
                                  /usr/local/apache/etc/httpd.conf 
nobody   276   268   /usr/local/apache/sbin/httpd -f
                                  /usr/local/apache/etc/httpd.conf 
nobody   277   268   /usr/local/apache/sbin/httpd -f
                                  /usr/local/apache/etc/httpd.conf 
nobody   278   268   /usr/local/apache/sbin/httpd -f
                                  /usr/local/apache/etc/httpd.conf 

Test the web server by opening a web browser and entering the server's IP address or hostname, or use localhost (e.g. http://localhost/). This should display the sample Apache page /var/apache/htdocs/index.html.

If the Apache web server startup page does not display, check the "/var/apache/logs/error_log" file to identify errors.

General Security Concerns

You may wish to prevent unauthorized users from accessing the web server by using a basic password protection scheme. Refer to "Directory Authentication (Password) Setup for Apache Web Server".

By default, if a user browses to an open directory on your web server that does not contain an index.html file, they will see a listing of its files and directories as hyperlinks. A CGI program will be executed when its hyperlink is activated, but other files such as text files, data files, images and library files will be downloadable through the user's web browser. To prevent unauthorized file downloads, it is a good idea to turn off this capability by editing the httpd.conf file. The edit is on the same line where CGI program execution was enabled by adding the "ExecCGI" parameter: deleting the "Indexes" parameter from that line disables the directory listing function.

httpd.conf

From

Options Indexes FollowSymLinks MultiViews ExecCGI

To

Options FollowSymLinks MultiViews ExecCGI

The Apache web server must be restarted for this change to take effect.

#/usr/apache/bin/apachectl restart
/usr/apache/bin/apachectl restart: httpd restarted

Directory listings, and file downloads from them, will no longer be available through a user's web browser.
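
The httpd.conf edits made on this page can be checked with a short audit, shown here as an added example that is not part of q-Status or Apache. The function name, the sample host names and the two sample configurations are constructed for illustration.

```sh
#!/bin/sh
# Added example, not q-Status or Apache project code.
# Reads httpd.conf text on stdin and prints one finding per line for the
# settings this page changes; prints nothing when none apply.
audit_httpd_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
    { d = tolower($1) }                  # directive names are case-insensitive
    d == "options" {
        idx = 0; cgi = 0
        for (i = 2; i <= NF; i++) {
            o = tolower($i)
            if (o ~ /^-/) continue       # "-Indexes" turns an option off
            sub(/^\+/, "", o)
            if (o == "indexes") idx = 1
            if (o == "execcgi") cgi = 1
        }
        if (idx && cgi) print "line " NR ": Indexes with ExecCGI (CGI programs are listed as links)"
        else if (idx)   print "line " NR ": Indexes (directories without index.html are listed)"
    }
    (d == "user" || d == "group") && tolower($2) == "nobody" {
        print "line " NR ": " $1 " nobody (not the dedicated www account)"
    }
    d == "servername" { named = 1 }
    END { if (!named) print "ServerName is not set (directive missing or commented out)" }
    '
}

# Constructed samples: the file after CGI is enabled, and after all edits on this page.
CONF_BEFORE='ServerAdmin admin@example.com
#ServerName new.host.name
User nobody
Group nobody
<Directory "/var/apache/htdocs">
    Options Indexes FollowSymLinks MultiViews ExecCGI
</Directory>
AddHandler cgi-script .cgi'
CONF_AFTER='ServerAdmin admin@example.com
ServerName web01.example.com
User www
Group www
<Directory "/var/apache/htdocs">
    Options FollowSymLinks MultiViews ExecCGI
</Directory>
AddHandler cgi-script .cgi'

printf '%s\n' "$CONF_BEFORE" | audit_httpd_conf   # four findings
printf '%s\n' "$CONF_AFTER"  | audit_httpd_conf   # no output
```

To audit the installed file, run `audit_httpd_conf < /etc/apache/httpd.conf`.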

Refer to the Apache documentation if a more secure execution process is required.