Re: www-data

To: debian-user@lists.debian.org
Subject: Re: www-data
From: mick crane <mick.crane@gmail.com>
Date: Sun, 28 Oct 2018 22:42:41 +0000
Message-id: <[🔎] 086231bd50b4cecf2fbbcf20b3cdf11d@gmail.com>
Reply-to: mick.crane@gmail.com
In-reply-to: <[🔎] 9c804d76-08d1-1840-22c2-cb5a64f23db7@transient.nz>
References: <[🔎] 8ce2d0af5847844a7f6831490166e473@gmail.com> <[🔎] b5abdea7-7188-ba7f-cf71-a4bbb6991458@panix.com> <[🔎] 9c804d76-08d1-1840-22c2-cb5a64f23db7@transient.nz>

On 2018-10-28 21:38, Ben Caradoc-Davies wrote:

On 29/10/2018 10:26, Carl Fink wrote:

On 10/28/2018 05:16 PM, mick crane wrote:

what's the deal with www-data ?
I never made that user
I dunno if it has a password or what ?
these are things that some setup / install makes ?

It's created by the Apache installer. Check the Apache docs.


And it should have no password. This user is accessed by switching to
it from root. As a security measure, after binding to privileged
network ports as root, apache switches to user www-data so that, if it
is compromised, the damage is limited. Processes that have dropped
root privileges cannot automatically regain them. Postgres and Tomcat
do the same thing with their own dedicated users.

I'm asking because somebody is saying that webmail server files shouldbe owned by root but I don't know about that, if somebody as got so farto be www-data they might as well be root ?


mick


--
Key ID    4BFEBB31

Reply to:

Follow-Ups:
- Re: www-data
  - From: Ben Caradoc-Davies <ben@transient.nz>
- Re: www-data
  - From: Gene Heskett <gheskett@shentel.net>

References:
- www-data
  - From: mick crane <mick.crane@gmail.com>
- Re: www-data
  - From: Carl Fink <carlf@panix.com>
- Re: www-data
  - From: Ben Caradoc-Davies <ben@transient.nz>

Prev by Date: Re: www-data
Next by Date: Re: www-data
Previous by thread: Re: www-data
Next by thread: Re: www-data
Index(es):
- Date
- Thread