Working as root while Apache is running; how much a risk?
Michael Sullivan
michael at espersunited.com
Fri Jul 9 00:15:30 UTC 2004
When I first started using Red Hat Linux 8.0 I was reading through the
Red Hat Linux Security Guide and it said to always shut down Apache when
logged in as root to prevent hackers from coming in through the web
server. I've always done it because the Security Guid said to, but
never really understood why. How would hackers come in through the web
server? I realize that they could telnet in, but wouldn't they have to
log in as a user? What exactly would happen? Can anyone tell me how
this would be accomplished? It's annoying having to stop Apache when I
log in to work on the system and then starting it again when I log
out...
More information about the users
mailing list