On Tue, Aug 07, 2001 at 04:46:22PM +1000, Sam Couter wrote: > Apache runs with this uid. Some people like to make their web pages owned by > this uid as well, but that's bad. Web servers don't modify web pages, they > just read them. > > Apart from CGIs and other such nastiness, the web server could easily run as > nobody. it should not be run as nobody. nobody is not a catch all user for every daemon that needs to run as non-root, using it for that purpose is grave abuse and opens security holes. daemons today should almost always run under a dedicated uid, unless they are small and unimportant, apache is neither. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpsmsqepIBgK.pgp
Description: PGP signature