Running apache as a non-root user

sudo

in file sudoers add following
username ALL=NOPASSWD:/usr/bin/service apache2 reload

Run on port 8080 and use iptables to redirect packets

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 8080

setuid wrapper program

httpdctrl.c

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <signal.h>
#include <strings.h>

// allow start/stop/restart of apache by non-root users

int main(int argc, char **argv)
{
  char *cmd, *cmd2, *usage;

  // UPDATE THIS LINE:
  cmd = "/your/path/to/httpd/sbin/apachectl";
  cmd2 = "apachectl";
  usage = "Usage: COMMAND [start|stop|restart]\n";

  if ( argc != 2 ) {
    printf(usage);
    exit(1);
  }

  setegid(0);
  seteuid(0);
  setgid(0);
  setuid(0);

  if ( strncmp(argv[1], "start", 5) == 0 ) {
    if (execl(cmd, cmd2, "start", (char*)0) < 0) {
     perror("Error");
    }
  } else if ( strncmp(argv[1], "stop", 4) == 0 ) {
    if (execl(cmd, cmd2, "stop", (char*)0) < 0) {
     perror("Error");
    }
  } else if ( strncmp(argv[1], "restart", 7) == 0 ) {
    if (execl(cmd, cmd2, "restart", (char*)0) < 0) {
     perror("Error");
    }
  } else {
    printf(usage);
    exit(1);
  }
  exit(0);
}
1
2
3
gcc -o httpdctrl httpdctrl.c
sudo chown root:root httpdctrl
sudo chmod u+s httpdctrl

Run on docker, lxc, runC

docker pull apache

If you only need super-basic stuff on a non-priv port, you could run:

python -m SimpleHTTPServer 8000

Reference

http://stackoverflow.com/questions/525672/is-there-a-way-to-start-restart-stop-apache-server-on-linux-as-non-root-user
http://askubuntu.com/questions/694036/apache-as-non-root
http://serverfault.com/questions/69847/linux-how-to-give-a-user-permission-to-restart-apache
http://www.debian-administration.org/article/386/Running_network_services_as_a_non-root_user