LinuxQuestions.org - Apache webserver using root account.

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Apache webserver using root account. (https://www.linuxquestions.org/questions/linux-security-4/apache-webserver-using-root-account-121618/)

lonny

12-01-2003 10:25 AM

Apache webserver using root account.

Is it a good idea to be hosting a website while being logged in as root?

szaroubi

12-01-2003 10:31 AM

NO!!!!! NEVER!!!!11
Let say you write a buggy cgi script ..
and it gets compromised (which happens alot)
The hacker (cracker, whatchamacaler) will get root access to your machine....

Make the webserver run as a very very very restricted user.

lonny

12-01-2003 10:44 AM

So I should create a very restricted user and then edit httpd2.conf to have the homepage in this users directory. Or would it be better to give the user access to the default apache directory?

szaroubi

12-01-2003 10:57 AM

Default directory is good ...
and default user is good ...
Just NOT root
And make shure that all files being server by the server and readble by the webserver's user.

lonny

12-01-2003 11:00 AM

Alright thanks ill give it a try!

All times are GMT -5. The time now is 01:09 PM.