Date: Mon, 5 Jul 1999 18:31:30 -0400 (EDT) From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: ludwigp@bigfoot.com (Ludwig Pummer) Cc: junkmale@xtra.co.nz, questions@FreeBSD.ORG Subject: Re: Use of user nobody Message-ID: <199907052231.SAA13699@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <4.2.0.58.19990704224033.009a86f0@toy> from Ludwig Pummer at "Jul 4, 99 10:46:32 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Ludwig Pummer wrote, > At 09:32 AM 7/5/1999 +1200, Dan Langille wrote: > >Given the above, I recall reading somewhere that it's better to create a > >separate user for apache (such as http). Any logic behind that reasoning? > > Well, on my system, I created an apache user so that I could have > apache-related files like web password or config files that Apache should > read but that other users couldn't. You can do that with 'nobody' as well. But as someone else pointed out, there _is_ potential hole there if one another program running under nobody accesses them. Confining the webserver to a specific user allows easier process accounting and security auditing. I also like to take advantage of group permissions (group www) to allow certain users the ability to edit and add pages. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907052231.SAA13699>