On Wed, Sep 03, 2008 at 02:02:16PM +0200, Krist van Besien wrote:
> On Tue, Sep 2, 2008 at 20:18, Joseph S D Yao <jsdy@xxxxxxx> wrote:
...
> > maintaining != starting
>
> Since any change to the config requires a restart maintaining a server
> requires you to be able to start it.
...

Fair. For most changes, anyway.

But maintaining the server files should not require root privileges. And if it is possible to re-start the server without becoming root [requires some assembly - or C], then do so.

The whole point, which seems to be missed among my earlier whimsical phrasing and some possible mistakes on my part, is this. You should do as little as possible as root. In the over 35 years that I've been working on and maintaining *n*x systems, it's amazing the number of mistakes - often lethal [for the system] - that have been made possible because someone was doing something as root, rather than as a system account.

The corollary, of course, is that as few files as possible should be owned by root, so that you don't have to be root to maintain them. The ownership, if possible/necessary, should be spread around to system accounts with different roles.

Doing everything as root is just plain bad security. Plan around it.

--
/*********************************************************************\
**
** Joe Yao jsdy@xxxxxxx - Joseph S. D. Yao
**
\*********************************************************************/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
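One way to check a server tree against the corollary above, as an added example that is not part of the original message: the script lists every entry that a given maintenance account could not change without becoming root. The sample tree, the function names and the "other" account are constructed for illustration; the check uses classic owner/group/other mode bits only and ignores ACLs and immutable flags.

```python
import os
import stat
import tempfile


def needs_root(st, uid, gids):
    """True if the account (uid, gids) must become root to modify this entry."""
    if st.st_uid == uid:
        return False                      # owner can write, or chmod and then write
    if st.st_gid in gids:
        return not st.st_mode & stat.S_IWGRP
    return not st.st_mode & stat.S_IWOTH  # account is evaluated as "other"


def audit(tree, uid, gids=frozenset()):
    """Walk tree; return sorted relative paths the account cannot maintain without root."""
    blocked = []
    for dirpath, dirnames, filenames in os.walk(tree):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                  # mode bits on a symlink are not meaningful
            if needs_root(st, uid, gids):
                blocked.append(os.path.relpath(path, tree))
    return sorted(blocked)


def make_sample_tree():
    """Constructed sample: a tiny server tree owned by whoever runs this script."""
    tree = tempfile.mkdtemp(prefix="srvtree-")
    for rel, mode in (("conf/httpd.conf", 0o644), ("htdocs/index.html", 0o664)):
        path = os.path.join(tree, rel)
        os.makedirs(os.path.dirname(path), mode=0o755, exist_ok=True)
        with open(path, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(path, mode)
    return tree


if __name__ == "__main__":
    tree = make_sample_tree()
    me = os.geteuid()
    grp = os.lstat(os.path.join(tree, "htdocs/index.html")).st_gid
    other = me + 1                        # hypothetical role account, not the owner
    print("owning account:", audit(tree, me))
    print("other account, no shared group:", audit(tree, other))
    print("other account in owning group:", audit(tree, other, {grp}))
```

Run against a real tree with the uid and group ids of the account meant to maintain it; an empty list means that account never needs root to edit the files.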