
Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour



On Sun, Jan 5, 2014 at 8:32 PM, Chris Bannister
<cbannister@slingshot.co.nz> wrote:
> On Sat, Jan 04, 2014 at 10:13:00PM -0500, Jerry Stuckle wrote:
>> On 1/4/2014 9:57 PM, Chris Bannister wrote:
>> >On Sat, Jan 04, 2014 at 08:56:14PM -0500, Jerry Stuckle wrote:
>> >>Setting up a phpmyadmin config file is hardly "system
>> >>administration". Its configuration affects only itself, not the
>> >>entire system.
>> >
>> >Can any average user joe bloggs configure phpmyadmin? If not (and I
>> >suspect not, otherwise pandemonium is the result) then it is a system
>> >administration task!
>> >
>>
>> Only in Debian is phpMyAdmin owned by root.

Has the Fedora project gone to the trouble to set up phpMyAdmin users?

I know they've been pushing a number of services out to
service-specific users. Would be great if they've gone this far.

(I think Debian has, too. Hmm. Yeah. Clamav, lightdm, gdm, sshd,
saned, hplip, exim, ..., user ids over 99.)

>>  And no, it does NOT
>> have to be configured by the system administrator.  A website
>> administrator could configure it, for instance.
>
> Sigh! For the purposes of this list, that *is* system administration if
> the phpmyadmin config file is under a system directory.  Don't confuse
> debian-user with debian-enterprise and/or debian-isp.

Well, FWIW, I've seen my share of servers operating in enterprises
that started their lives as boxes set up and admin-ed by people like
those in this group.

(Wandering off to lists.debian.org, to see if there really is a
debian-isp list ... Oh. My goodness, there is.)

-- 
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.

