'at' command and apache user
Ed Greshko
Ed.Greshko at greshko.com
Fri Jun 17 08:32:59 UTC 2011
On 06/17/2011 04:24 PM, Gary Stainburn wrote:
> Thanks Gents,
>
> Shadow already had !! but passwd had /sbin/nologin
>
> Changed it to /bin/bash and it works great.
I'm not so sure giving user apache a shell is a good idea.
Depending on the type of web pages you serve you may find there to be a
buffer overflow vulnerability which gives an attacker a shell and allows
them to execute arbitrary commands as "apache".
I smell "danger Will Robinson"!
More information about the users
mailing list