Can you clarify what "_RUN_ the web server" means? My current practice
is this: The only way I work on my server PC is through ssh from a
client computer because my server PC doesn't have a monitor hooked up to
it. Anyway, I log in as root and the very first thing I do is "service
httpd stop". I go about doing whatever task I have to do in that
session and then I say, "service httpd start; exit". Are you saying
that I don't have to have Apache stopped while I'm logged in as root, or
are you saying I shouldn't stay logged in as root after I issue "service
httpd start"?
Date: Thu, 8 Jul 2004 17:16:07 -0700 (PDT)
From: Alan Horn <ahorn(a)deorth.org>
Subject: Re: Working as root while Apache is running; how much a risk?
To: For users of Fedora Core releases <fedora-list(a)redhat.com>
Message-ID: <Pine.NEB.4.60.0407081714230.962(a)slick.sigje.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Thu, 8 Jul 2004, Michael Sullivan wrote:
> When I first started using Red Hat Linux 8.0 I was reading through the
> Red Hat Linux Security Guide and it said to always shut down Apache when
> logged in as root to prevent hackers from coming in through the web
> server. I've always done it because the Security Guide said to, but
> never really understood why. How would hackers come in through the web
> server? I realize that they could telnet in, but wouldn't they have to
> log in as a user? What exactly would happen? Can anyone tell me how
> this would be accomplished? It's annoying having to stop Apache when I
> log in to work on the system and then starting it again when I log
> out...
Um, I've never heard of that restriction. You should never _RUN_ the
webserver as root (the same goes for any processes that interact with the
outside world where at all possible).
Perhaps that's where the confusion comes from?
The reason for not running a webserver as root is that any method that a
hacker uses to compromise that webserver will then have a greater level
(e.g. root) of access into your system. Read and modify any files, trash
your disks.. etc...
Cheers,
Al
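
An added example, not part of the original message: a check for the condition the reply warns about, namely Apache worker processes running as root. It assumes the Fedora process name httpd and input in the form printed by `ps -eo user=,pid=,ppid=,comm=`; the function names and sample process lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Apache worker processes that run as root.
# Input format (assumption): lines of "USER PID PPID COMMAND", as printed by
#   ps -eo user=,pid=,ppid=,comm=
# The httpd parent normally stays root so it can bind port 80; the workers it
# forks should run as the unprivileged account named by the User directive.

root_httpd_workers() {
    awk '
        $4 == "httpd" { user[$2] = $1; parent[$2] = $3 }
        END {
            for (pid in user) {
                # A worker is an httpd whose parent is also an httpd.
                if ((parent[pid] in user) && user[pid] == "root")
                    print pid
            }
        }
    ' | sort -n
}

# Constructed sample: healthy server (workers run as "apache").
SAMPLE_OK='root 1201 1 httpd
apache 1210 1201 httpd
apache 1211 1201 httpd
root 980 1 sshd'

# Constructed sample: misconfigured server (workers still root).
SAMPLE_BAD='root 2201 1 httpd
root 2210 2201 httpd
root 2211 2201 httpd
root 980 1 sshd'

# Print a verdict for one process listing; return 1 if any worker is root.
check() {
    bad=$(printf '%s\n' "$1" | root_httpd_workers)
    if [ -n "$bad" ]; then
        echo "httpd workers running as root: $(echo $bad)"
        return 1
    fi
    echo "ok: no httpd worker runs as root"
}

check "$SAMPLE_OK"
check "$SAMPLE_BAD" || true
```

On a live system, pipe the real listing in: `ps -eo user=,pid=,ppid=,comm= | root_httpd_workers`.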
------------------------------