Results 1 to 3 of 3

Thread: This may be very obvious but...

  1. #1
    Junior Member
    Join Date
    Aug 2002

    This may be very obvious but...

    Recently with the Apache exploits i have seen people getting rooted because they install and run Apache as root. I thought that it was just wierd until i read about an article on securityfocus.com that stated the same-so i figured i would help out some of the people new to unix.

    always install the server software like apache, ftp, cups, whatever as a seperate username ie user: apache. if you install it as root and you get exploited through apache then the attacker has control of your entire system as opposed to just apache.

    hope this helps.

  2. #2
    Senior Member
    Join Date
    Aug 2002
    Glad you posted it...I'm a newbie to *nix, so it helped me! Thanks.
    Opinions are like holes - everybody\'s got\'em.


  3. #3
    Senior Member
    Join Date
    Jan 2002
    Generally a good idea but remember:

    - Some daemons need to run as root to bind to ports and do other things (There is a way around this on Linux, I should investigate it). In particular any daemon which allows system users to login (sshd, ftp if configured as such) needs root.
    - Allowing an attacker to compromise and unprivileged account is a really bad idea anyway because they can probably still do things you don't want them to (a user with access to the apache account can at the very *LEAST* carry out DOS attacks effectively, probably much more)
    - Chroot is also a potentially effective way to protect daemons, but isn't completely secure either.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts