Re: Boa and Users
On Sat, Oct 11, 2003 at 11:47:06AM +0100, Stuart Robinson wrote:
> I'm playing with the boa package (from unstable) and I'm curious about
> the user boa runs on? does www-data exist in debian as a user from
> install, or does the boa package create it?
$ grep www-data /usr/share/base-passwd/passwd.master
So, the former.
> I'm presuming it has no password? Should it?
Correct, and no.
Note that content served by boa shouldn't be writeable by www-data.
> FYI I've previously run boa on redhat (I don't know it it was the right
> thing to do) as 'nobody'
nobody is overused and best avoided; if you run everything as nobody
then all those services can compromise each other. nobody (and the
corresponding group nogroup) should never own any files.
It's better to run everything as separate users.
Colin Watson [email@example.com]