Apache user?

Jon South striker at lunar-linux.org
Wed Apr 21 11:05:30 GMT 2004 

Auke Kok wrote:
> on the personal opinion side: I think everyone setting up an apache 
> should edit the .conf carefully and choose a proper uid for its daemons. 
> having a specific uid for apache turns out to be beneficial but who says 
> it needs to be 'xxx' and not 'yyy'
> 
> that said it would be wise to check what FHS/LSB have to say about UID's 
> for www daemons, please bear in mind that there is also a httpsd process 
> that will need accordingly to be adjusted, so you're talking about 2 
> used id's here.
> 
> anyway, before you turn up a mess, here's a brief list of possibilities: 
> www, w3, http, httpd, apache, web, https, httpsd.... the list of 
> possible choices is endless... nobody isn't all that bad folks - 
> especially for defaults.
> 
> PS I don't see 'many' other processes running as nobody actually, are 
> there actually modules that consistently use the uid 'nobody' ?

I'll look into what LSB has to say about it, but the common convention 
I've seen between distributions is the user and group 'apache'

Why is it we have a seperate daemon for https anyway? Apache can listen 
on both 80 and 443 at the same time, why use up more resources to have a 
different set a daemons for each port?

Also, I didn't say that there were always many things that run as 
nobody, but rather that it's a possibility; each admin runs their 
servers a different way...

Another reason I brought this up has to do with a problem that someone 
can have if they are selling webspace and have many daemons running as 
nobody; a malicious user could do <?php shell_exec("killall -11 
<process>"); ?> and kill it if that process is running as the same user 
as apache. I just ran a test to confirm this too; I successfully killed 
my spamassassin daemon.

-Striker

-- 
The system requirements said "Windows 95 or better"
So I installed Linux.

Microsoft sells you Windows; Linux gives you the house.

v1sw6CUhw5ln4pr5ck4ma6/7u8Lw3Tm5l6+8GOa21s6Mr2e5+7t5/6TNDVESLFRXMb3Hp0en6/7g9ASTHCNMP 
www.hackerkey.com

Registered Linux User: 332618
<http://striker.interhact.net/striker.asc>

More information about the Lunar-dev mailing list