Re: Boa and Users

To: Debian User <debian-user@lists.debian.org>
Subject: Re: Boa and Users
From: Colin Watson <cjwatson@debian.org>
Date: Sat, 11 Oct 2003 12:02:54 +0100
Message-id: <[🔎] 20031011110254.GA9354@riva.ucam.org>
Mail-followup-to: Debian User <debian-user@lists.debian.org>
In-reply-to: <[🔎] 1065869226.1185.4.camel@linuxbox>
References: <[🔎] 1065869226.1185.4.camel@linuxbox>

On Sat, Oct 11, 2003 at 11:47:06AM +0100, Stuart Robinson wrote:
> I'm playing with the boa package (from unstable) and I'm curious about
> the user boa runs on? does www-data exist in debian as a user from
> install, or does the boa package create it?

  $ grep www-data /usr/share/base-passwd/passwd.master
  www-data:*:33:33:www-data:/var/www:/bin/sh

So, the former.

> I'm presuming it has no password? Should it? 

Correct, and no.

Note that content served by boa shouldn't be writeable by www-data.

> FYI I've previously run boa on redhat (I don't know it it was the right
> thing to do) as 'nobody'

nobody is overused and best avoided; if you run everything as nobody
then all those services can compromise each other. nobody (and the
corresponding group nogroup) should never own any files.

It's better to run everything as separate users.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

References:
- Boa and Users
  - From: Stuart Robinson <r.s.robinson@ntlworld.com>

Prev by Date: Re: How do I prevent User 'A' from seeing User 'B' /home contents
Next by Date: Re: Weather Stations
Previous by thread: Boa and Users
Next by thread: bayesian spamassassin throwing error
Index(es):
- Date
- Thread