Re: exploring debian's users and groups

To: debian-devel@lists.debian.org, debian-user@lists.debian.org
Cc: debian-doc@lists.debian.org, base-passwd@packages.debian.org
Subject: Re: exploring debian's users and groups
From: Ethan Benson <erbenson@alaska.net>
Date: Tue, 7 Aug 2001 16:27:50 -0800
Message-id: <[🔎] 20010807162750.P9274@plato.local.lan>
Mail-followup-to: debian-devel@lists.debian.org, debian-user@lists.debian.org, debian-doc@lists.debian.org, base-passwd@packages.debian.org
In-reply-to: <[🔎] 20010807164622.E2832@topic.com.au>; from sam@topic.com.au on Tue, Aug 07, 2001 at 04:46:22PM +1000
References: <[🔎] 20010807013548.A17529@kitenet.net> <[🔎] 20010807164622.E2832@topic.com.au>

On Tue, Aug 07, 2001 at 04:46:22PM +1000, Sam Couter wrote:
> Apache runs with this uid. Some people like to make their web pages owned by
> this uid as well, but that's bad. Web servers don't modify web pages, they
> just read them.
> 
> Apart from CGIs and other such nastiness, the web server could easily run as
> nobody.

it should not be run as nobody.  nobody is not a catch all user for
every daemon that needs to run as non-root, using it for that purpose
is grave abuse and opens security holes.

daemons today should almost always run under a dedicated uid, unless
they are small and unimportant, apache is neither.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpsmsqepIBgK.pgp
Description: PGP signature

Reply to:

References:
- exploring debian's users and groups
  - From: Joey Hess <joeyh@debian.org>
- Re: exploring debian's users and groups
  - From: Sam Couter <sam@topic.com.au>

Prev by Date: RE: Debbugs: The Next Generation
Next by Date: Re: exploring debian's users and groups
Previous by thread: Re: exploring debian's users and groups
Next by thread: Re: exploring debian's users and groups
Index(es):
- Date
- Thread