LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Apache with nobody:nobody and apache:apache (https://www.linuxquestions.org/questions/linux-server-73/apache-with-nobody-nobody-and-apache-apache-816904/)

sudhirmhrj 06-28-2010 10:10 PM
Apache with nobody:nobody and apache:apache
 
Hi eveybody,

could you please tell me the difference Running httpd service as

Group: nobody
User: nobody

&&

Group: apache
user: apache

Thanks
BGRDS

Noway2 06-29-2010 04:48 AM
On the surface, I don't think that there is a whole lot of difference in functionality. Upon starting Apache needs root access, but it quickly drops this and assumes the identity of a non privileged user. This user can either be nobody or apache, or www-data which is common on Debian variants.

The difference, I believe, lies in isolation. Nobody can be a commonly used account for the purposes of a non privileged user and can have a fair share of exposure. If somehow, 'nobody' were to become compromised they could potentially have more impact than if an application isolate user, such as Apache. Of course a lot of this will depend on the file and group permissions. Nobody uses the permissions of others, while an application specific user could be configured to allow file read access, but other could still be denied.


All times are GMT -5. The time now is 07:18 PM.