Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

To: debian-user@lists.debian.org
Subject: Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
From: Jerry Stuckle <jstuckle@attglobal.net>
Date: Sun, 05 Jan 2014 08:27:40 -0500
Message-id: <[🔎] 52C95DCC.7000404@attglobal.net>
In-reply-to: <[🔎] 20140105113235.GA12457@tal>
References: <CAD4guxMFWHUu926650Woni_pkc=-f=fxO_HvzC871fbkkp59PQ@mail.gmail.com> <20131224175426.7426a5ed6300ba2d466978f4@gmail.com> <CAD4guxP1oaZVw=c3sYHKD2mcg5a-43QbGPaLGEbd0frUQzxChA@mail.gmail.com> <20131230212357.GA28879@hysteria.proulx.com> <CAD4guxP8Sgx3Fc-YxhsrVgT7H2oTyBdsoPLE10aKn5bYZuhFrw@mail.gmail.com> <52C2CF8D.60402@attglobal.net> <[🔎] 20140102032422.GB24746@hysteria.proulx.com> <[🔎] 52C8BBBE.6010902@attglobal.net> <[🔎] 20140105025739.GB6297@tal> <[🔎] 52C8CDBC.3010304@attglobal.net> <[🔎] 20140105113235.GA12457@tal>

On 1/5/2014 6:32 AM, Chris Bannister wrote:

On Sat, Jan 04, 2014 at 10:13:00PM -0500, Jerry Stuckle wrote:

On 1/4/2014 9:57 PM, Chris Bannister wrote:

On Sat, Jan 04, 2014 at 08:56:14PM -0500, Jerry Stuckle wrote:

Setting up a phpmyadmin config file is hardly "system
administration". It's configuration affects only itself, not the
entire system.


Can any average user joe bloggs configure phpmyadmin? If not (and I
suspect not, otherwise pandemonium is the result) then it is a system
administration task!


Only in Debian is phpMyAdmin owned by root.  And no, it does NOT
have to be configured by the system administrator.  A website
administrator could configure it, for instance.


Sigh! For the purposes of this list, that *is* system administration if
the phpmyadmin config file is under a system directory.  Don't confuse
debian-user with debian-enterprise and/or debian-isp.

No, for YOUR purpose, that is system administration. but not everyinstallation is one person running a machine in his/her basement. Itisn't the way the system is administrated when you have multiple peoplemanaging a large system. And just because this is debian-user doesn'tmean it is system administration for everyone.

There are not multiple packages for debian-user, debian-enterpriseand/or debian-isp.

And the ONLY reason these files are owned by root is because the Debianpackagers did it that way. The original package is NOT owned by root.


Jerry

Reply to:

References:
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Bob Proulx <bob@proulx.com>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Jerry Stuckle <jstuckle@attglobal.net>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Chris Bannister <cbannister@slingshot.co.nz>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Jerry Stuckle <jstuckle@attglobal.net>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Chris Bannister <cbannister@slingshot.co.nz>

Prev by Date: Re: something triggering my screensaver timeout (login dialog) - sid, xfce
Next by Date: Re: (Continued) which image shall I use for P4/2.9G
Previous by thread: Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Next by thread: Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Index(es):
- Date
- Thread