[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: www-data user

Robert Vangel wrote:
Marty wrote:
Alvin Oga wrote:

assuming you did not have any www data loss, you can recreate the userID

root# useradd -u 33 -g 33 -c "www user" -d /var/www -s /bin/false www-data

On my sarge systems the www-data shell is /bin/sh. Has the default configuration changed, and are my systems misconfigured from a security standpoint?

Shell is /bin/sh on mine. Using /bin/false just to add some security through obscurity I suppose...

I like to fully understand any configurations changes I make. In this particular case, I'm afraid to change it because I don't know if it will break the cgi and perl scripts of backkup, which execute remote commands using ssh, as user www-data. Unless it's urgent, I would rather let security fixes happen through the normal channels.

Reply to: