Working as root while Apache is running; how much a risk? (repost after subject line error)

[Scot L. Harris]

On Sat, 2004-07-10 at 15:04, Dave Pawson wrote:

> What about running tomcat or apache?
> Any guidelines on creating users/groups for such as that?
> 
> regards DaveP

The typical apache install from the rpms I think defaults to using the
user apache.  If you install the sources from the web site I believe
they use the user nobody by default.  

This is an option you can set in the httpd.conf file.  Which ever user
you use should NOT have a login shell.  The idea is that this is an
unprivileged user so on the off chance that someone finds and uses a
flaw to gain shell access to the server they would be limited in what
they could do.  They may be able to use that access to employ yet
another exploit to gain root access but it makes it that much more
difficult.

I have not played much with tomcat.  Used it a little with opennms I
think but nothing very serious.  The same ideas should apply, run them
with the fewest privileges possible to get the job done.  And where
possible leave an audit trail.  (that is what forcing someone to login
as a user account and then suing or using sudo will do for you.)

I also recommend you study any security documentation for each of those
packages provided by the developers.  They will know much better than I
how to secure their packages.

Good security starts with a healthy dose or two or paranoia and
suspicion regarding everything!  And remember the two most likely
sources of compromise is poor physical security and people you trust
with access to the system.  
-- 
Scot L. Harris
webid at cfl.rr.com

You can get everything in life you want, if you will help enough other
people get what they want.