Adding nobody to the root group
Hi,
I have a set up a linux machine 6.2 in which i have installed Apache Web server. Know i want a root user to be the owner of this Apache.I have set up firewall security,disabled the telnet access.Will i still face ant security threats?? Regards Saravanan |
Yes. Apache should run as it's own user or user "nobody". For example if someone manages to run unauthorized code tru an app running on the webserver, it will be run with the privileges of the user the webserver runs as. For this simple and other reasons you will *not* run Apache as root, and you will *not* make privileged system user "nobody" a member of the root/wheel group.
I'd like to turn the question around. What's the real reason you want it to run as root. |
Re
Dear Unspawn
Thanks a lot for ur reply I am hosting a site in PHP,wherein i want to create a emailids for the users who register in the site in form of mail@mydomain.com.So for this i thought of running a cron job which will collect all the users and create a mail id for them.But now since the requirement was to create a mail id as soon as the users register,i though that i could give root privelege to nobody so that i could create the mail id as soon as the user register. Regards Saravanan |
All times are GMT -5. The time now is 08:57 PM. |