Robert Vangel wrote:
Marty wrote:Alvin Oga wrote:assuming you did not have any www data loss, you can recreate the userIDroot# useradd -u 33 -g 33 -c "www user" -d /var/www -s /bin/false www-dataOn my sarge systems the www-data shell is /bin/sh. Has the default configuration changed, and are my systems misconfigured from a security standpoint?Shell is /bin/sh on mine. Using /bin/false just to add some security through obscurity I suppose...
I like to fully understand any configurations changes I make. In this particular case, I'm afraid to change it because I don't know if it will break the cgi and perl scripts of backkup, which execute remote commands using ssh, as user www-data. Unless it's urgent, I would rather let security fixes happen through the normal channels.