In the situation where several developers need to be able to start and stop an Apache server that is run by the root account, setuid access must be available only to this specific group of users. For the sake of this example, let's assume that these developers belong to a group named apache. It is important that users who are not root or are not part of the apache group are unable to execute this script. Therefore, the following commands must be applied to the apachectl program:

panic% chgrp apache apachectl
panic% chmod  4510  apachectl

The execution order is important. If the commands are executed in reverse order, the setuid bit is lost.

The file's permissions now look like this:

panic% ls -l apachectl
-r-s--x--- 1 root apache 32 May 13 21:52 apachectl

Everything is set. Well, almost...

When Apache is started, Apache and Perl modules are loaded, so code may be executed. Since all this happens with the root effective ID, any code is executed as if run by the root user. This means that there is a risk, even though none of the developers has the root password—all users in the apache group now have an indirect root access. For example, if Apache loads some module or executes some code that is writable by any of these users, they can plant code that will allow them to gain shell access to the root account.

Of course, if the developers are not trusted, this setuid solution is not the right approach. Although it is possible to try to check that all the files Apache loads are not writable by anyone but root, there are so many of them (especially with mod_perl, where many Perl modules are loaded at server startup) that this is a risky approach.

If the developers are trusted, this approach suits the situation. Although there are security concerns regarding Apache startup, once the parent process is loaded, the child processes are spawned as non-root processes.

This section has presented a way to allow non-root users to start and stop the server. The rest is exactly the same as if they were executing the script as root in the first place.