[plug] Simple Web questions - Debian Linux

Trevor Phillips phillips at central.murdoch.edu.au
Sun Jun 13 11:06:28 WST 1999


Jeremy Malcolm wrote:
> 
> 1.    Is it bad for your root Web site to have the owner/group "root"?

I assume you mean who it runs as, not file perms? Yes, it's bad to have
a webserver run as root.

> 2.    What owner/group should it be (what is the default for Debian)?

Any designated user/group can be it.

> 3.    If the answer to 2 is "nobody:nogroup", isn't that a security risk?
> 4.    Unless the answer is "www-data", why does Debian have "www-data"?

I can't remember what Debian's module defaults were, but I think they
were something like www-data. I don't use Debian's Apache package any
more; I prefer installing it from the source myself to give me full
control of options (and live on the bleedin' edge of development ^_^) 

Basically, you should run the webserver as someone with read access to
web documents you want to dish up, and write access to appropriate log
files, data files, etc... The security issue is more a problem when you
have people developing CGIs for the server. Because the CGIs all run
as whoever the webserver is, it means they all have access to the same
resources. This means that if one CGI has read/write access to sensitive
data, ALL CGIs have access to it.

There are add-ons and wrappers to get around this, the usual technique
being to have home users' CGIs run as that user.

> 5.    If you have the source to an Apache module that you are supposed to
>         compile into the server using "patch", can you convert it into a
>         loadable .so module instead without having to recompile httpd?

Which module is this? If it uses "patch", then sounds like it's more
than a module and modifies the source itself (Apache SSL does that). A
module's documentation should state whether it can be compiled as an .so
or not.

-- 
. Trevor Phillips             -           http://jurai.murdoch.edu.au/ . 
: CWIS Technical Officer         -           T.Phillips at murdoch.edu.au : 
| IT Services                       -               Murdoch University | 
 >------------------- Member of the #SAS# & #CFC# --------------------<
| On nights such as this, evil deeds are done. And good deeds, of     /
| course. But mostly evil, on the whole.                             /
 \      -- (Terry Pratchett, Wyrd Sisters)                          /
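
The rule in the reply above (read access to documents, write access only to logs and data files, every CGI sharing the server's identity) can be checked by listing what the server's user can actually write and read. This is an added example, not part of the original message; it evaluates classic mode bits only (no ACLs, no directory-traversal checks), and the uid/gid values and file names in `demo()` are constructed.

```python
import os
import stat
import tempfile

def allowed(st, uid, gids, want):
    """Classic Unix mode-bit check: the first matching class (owner, group, other) decides."""
    if uid == 0:
        return True  # root bypasses read/write mode bits: why the server must not run as root
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bits & want == want  # want: 4 = read, 2 = write

def audit(root, uid, gids):
    """Return (writable, unreadable) relative paths under root for the given identity."""
    writable, unreadable = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are meaningless; targets are not followed here
            rel = os.path.relpath(path, root)
            if allowed(st, uid, gids, 2):
                writable.append(rel)  # every CGI running as this uid can modify it
            if not allowed(st, uid, gids, 4):
                unreadable.append(rel)  # the server cannot serve or read it
    return sorted(writable), sorted(unreadable)

def demo():
    """Constructed sample tree; the 'web user' is a made-up uid/gid that owns nothing."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("index.html", 0o644), ("counter.dat", 0o666),
                           ("secret.cfg", 0o600)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        st = os.stat(root)
        return audit(root, st.st_uid + 1000, {st.st_gid + 1000})

if __name__ == "__main__":
    print(demo())
```

Anything in the first list is writable by every CGI on the server, not just the one that needs it.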

