On Wed, 2008-09-03 at 12:12 -0400, Joseph S D Yao wrote:

> Doing everything as root is just plain bad security. Plan around it.

Doing everything as root IS bad, and I don't think a single person has suggested it. What they have suggested is having apache started by root to allow it to acquire privileged resources, such as keys, sockets, log file handles etc., before dropping privileges. They've also suggested that their conf files be owned by root, and only readable by the apache user, which you also disagree with. Both of these arguments are eminently correct, and your disagreements with them are just plain wrong.

If you do not start apache as root and then drop privileges, it means that any resources required to start their server will be accessible by the web server. This in turn means that if any exploit is found and exposed in your server, the attacker would have the means to truncate your log files (covering tracks) and impersonate your server in SSL transactions - effectively do a man in the middle attack.

If the server's conf file is not owned by root, then generally that is okay, as long as it is not writable by the user running apache. I would personally still have it owned by root.

Your security advice, from what I've seen, is at best misinformed, and at worst it is negligent. I urge anyone reading this thread to check some reputable sources before implementing any of Joseph's suggestions.

Cheers

Tom
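As an added illustration of the startup order Tom describes (not code from the thread or from Apache itself): acquire the privileged resource, here the log file, while still root, then drop supplementary groups, gid and uid in that order and verify that the drop cannot be reversed. The log path, uid and gid in main() are assumed placeholders.

```c
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Open the log while still privileged: append-only, created 0640 so a worker
 * running as another uid cannot reopen the path for writing. */
int open_log_privileged(const char *path) {
    return open(path, O_WRONLY | O_APPEND | O_CREAT, 0640);
}

/* Drop to an unprivileged uid/gid. Order matters: supplementary groups first
 * (only root may clear them), then gid, then uid; once the uid is changed the
 * process can no longer change its gid. Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (getuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* The drop must be irreversible: regaining root has to fail now. */
    if (uid != 0 && setuid(0) != -1) { errno = EPERM; return -1; }
    if (getuid() != uid || geteuid() != uid || getgid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Startup sequence: privileged resources first, then drop. Returns the log fd
 * the unprivileged worker keeps, or -1 on error. */
int start_worker(const char *log_path, uid_t uid, gid_t gid) {
    int fd = open_log_privileged(log_path);
    if (fd < 0) return -1;
    if (drop_privileges(uid, gid) != 0) { close(fd); return -1; }
    return fd;
}

int main(void) {
    /* Assumed placeholders: real daemons resolve the service account by name. */
    int fd = start_worker("/tmp/worker-example.log", getuid(), getgid());
    if (fd < 0) { perror("start_worker"); return 1; }
    printf("running as uid %d with log fd %d\n", (int)geteuid(), fd);
    return close(fd);
}
```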