Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hey there,
A mate has a basic VPS running debian, and as far as i can tell hes running HTTPD as root.
In fact, he says he does most things as root, which is a habit that needs to be broken for obvious reasons.
Heres the output from webmin of the running services. Im average at linux, used to gui and only know fedora command line, so lost when it comes to debian.
Now HTTPD is running out of /home/user/ which is actually owned by root. So somehow, i want to change the owner (chown?) of /home/user/ to user, and then run HTTPD under that username, or whatever is the best method. Unfortunately i have no idea how.
What else shouldn't be running as root? What other basic security like denyhosts would be suggested?
Thanks in advance.
You HTTPD is not running as root, Webmin is running as root and its normal, in rest seems everything ok, maybe create a user "apache" or "httpd" and change in the configuration of apache from daemon to "apache" or "httpd"
I also need to add mysql & ftp to it, i assume i copy a line and add 3306?
@robertjinx: Thanks for clarification, i wasn't sure and he said he'd simply setup and used everything in root, and when i saw "29947 root /usr/local/apache2/bin/httpd", i assumed one of the virtual servers or something was running as root.
Last edited by stephen_wq; 03-27-2009 at 03:15 AM.
Btw what VPS are u using, Xen or OpenVZ/Virtuozzo?
If OpenVZ/Virtuozzo then you are limited to what you can do, cant have a full iptables and so on. Be sure of what you using and setup the VPS according to that.
Btw what VPS are u using, Xen or OpenVZ/Virtuozzo?
If OpenVZ/Virtuozzo then you are limited to what you can do, cant have a full iptables and so on. Be sure of what you using and setup the VPS according to that.
Not sure what either of those are, how can i find out?
Try simple "uname -a" and will tell you want you need to know, in case of CentOS on Xen it will look something like 2.6.18-53.1.13.el5xen and in case of OpenVZ, I think vz or something.
Just put the output of uname -a in the post and i will tell u.
Its OpenVZ/Virtuozzo which means you are limited to some stuff, like some iptables parts, system configuration, kernel tunning, etc.
I think simple or normal linux security should be enough for the system, maybe just use iptable to allow a couple of ports, like ssh/http/https/mail and rest just block it.
Make sure that you do not allow root login over ssh and use locally sudo or su to login to root.
Try simple "uname -a" and will tell you want you need to know, in case of CentOS on Xen it will look something like 2.6.18-53.1.13.el5xen and in case of OpenVZ, I think vz or something.
Just put the output of uname -a in the post and i will tell u.
2.6.18-53.1.13.el5xen certainly indicates a Xen VPS, but not all Xen VPSs have 'xen' in the kernel name
Moot point I guess, as stephen_wq looks to have an OpenVZ VPS.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.