This is because on Unix, listening on ports between 0 and 1024 is reserved for privileged
users (you can consider it a historical reason). Services such as mail servers and SSH servers
typically run on these lower port numbers, and if regular users were allowed to run their own
processes on any port, it could be a security risk.
To allow the OHS to run on a privileged port, you have a couple of options:
- Run the OHS as the root Unix user.
- Change the permissions on the OHS binaries so that they are SUID root (SUID
  means that the regular OHS Unix user can start the OHS, but it will effectively run
  as root).
Both of these options carry risk: with the OHS running as the root user, if the web server
is compromised then the attacker could potentially have full privileges over the machine.
Please weigh these risks carefully before adopting this approach.
So, for example, if you wished to modify the permissions to make the OHS run as the root user, you
could use the commands shown in Listing 1-7.
Listing 1-7. Changing the Apache Binary to Run as Root
[ohs@ae1 bin]$ ls -al .apachectl
-rwxr-xr-x 1 ohs ohs 1703780 Apr 5 2007 .apachectl
[ohs@ae1 bin]$ pwd
/home/ohs/OraHome 1/ohs/bin
[ohs@ae1 bin]$ ls -al .apachectl
-rwxr-xr-x 1 ohs ohs 1703780 Apr 5 2007 .apachectl
[ohs@ae1 bin]$ su root
Password:
[root@ae1 bin]# chown root .apachectl
[root@ae1 bin]# chmod 6750 .apachectl
[root@ae1 bin]# ls -al .apachectl
-rwsr-s--- 1 root ohs 1703780 Apr 5 2007 .apachectl
You should now be able to start the OHS as the OHS Unix user but have it running on port 80
(assuming you remembered to change the Listen directive in the httpd.conf file).
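After a change like the one in Listing 1-7, it is worth confirming that the binary ended up with exactly the ownership and mode you intended, and that nothing else under the OHS home carries set-ID bits. The shell functions below are an added example, not part of the original listing; they assume GNU stat and find on Linux, and the names check_setid_binary and list_setid are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original text). Assumes GNU stat and find (Linux).

# check_setid_binary PATH OWNER GROUP MODE
# Compares a binary with the ownership and octal mode it is meant to have,
# e.g. root / ohs / 6750 for the result of Listing 1-7.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_setid_binary() {
    path=$1; want_owner=$2; want_group=$3; want_mode=$4
    findings=0

    # A symlink or missing file means we are not inspecting the real binary.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "FAIL $path: missing, or not a regular file"
        return 1
    fi

    owner=$(stat -c '%U' "$path")
    group=$(stat -c '%G' "$path")
    mode=$(stat -c '%a' "$path")    # octal, e.g. 6750

    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "FAIL $path: owner $owner:$group, expected $want_owner:$want_group"
        findings=$((findings + 1))
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "FAIL $path: mode $mode, expected $want_mode"
        findings=$((findings + 1))
    fi
    # A set-ID binary should never be writable by group or other.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $path: writable by group or other"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# list_setid DIR: every set-UID or set-GID regular file under DIR, so that
# unexpected entries stand out.
list_setid() {
    find "$1" -xdev -type f -perm /6000 -exec stat -c '%a %U:%G %n' {} +
}

# Stand-alone use: sh audit.sh PATH OWNER GROUP MODE
if [ "$#" -eq 4 ]; then
    check_setid_binary "$@"
fi
```

For the binary in Listing 1-7 the call would be check_setid_binary .apachectl root ohs 6750, run from the OHS bin directory.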
There are a couple of other tweaks that I typically make to the httpd.conf file if you have a
medium-to-high number of end users; they are more specific to the Apache configuration than
they are to APEX.
The first setting I increase is the MaxClients setting, which is typically set to 150 by default. As you
can see in the httpd.conf excerpt below, if the number of end users simultaneously accessing the
server exceeds this number, the end users will experience sluggish (actually blocked) connections.
#
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# the system with it as it spirals down...
#
MaxClients 150