Re: Security Question


 



I started with the default apache user and ran the following commands:

#bring up apache account-
mkdir /home/apache
cp /etc/skel/.* /home/apache
chown -R apache: /home/apache
usermod -d /home/apache apache
usermod -s /bin/bash apache

This way I can access it with a simple 'su apache' command run as root and there's a home directory to store the .psql_history file so the command history is saved across sessions. I fear that by setting the shell with 'usermod -s /bin/bash apache' I've opened a can of worms. I just set a password on the account to prevent any more logins, but if there's a security hole it would be nice to fix it, and if not I would like to know how they logged in and understand the process. I tried (just before setting the password) to log in, hitting enter for the password, and I couldn't get in.

Luciano Miguel Ferreira Rocha wrote:

And login with empty passwords can be disabled by removing nullok from
/etc/pam.d/system-auth.

I found nullok twice in the file. Perhaps I couldn't get in on my test because PuTTY doesn't pass null. I guess I shall always set a password from now on.


   thanks all
   scottb



Ralf Ertzinger wrote:

Hi.

Scott Becker <scottb@xxxxxxxx> wrote:



My apache account is active so I can su to it to administer postgresql
databases accessible via php scripts.



You do not need a password for that, or change anything about the account.

"sudo -u apache" (as normal user) or just "su -m apache" (as root) ought
to do the job.
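
The three conditions this thread turns on (a service account with a login shell, an empty password field, and nullok on pam_unix), checked together in an added example that is not part of the original messages. The account entries, the hypothetical svcdemo account, the hash placeholders, the PAM lines and the UID_MIN of 1000 are constructed assumptions.

```shell
#!/bin/sh
# Added example: all sample data is constructed; svcdemo is a hypothetical account.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/home/apache:/bin/bash
svcdemo:x:47:47:Demo service:/home/svcdemo:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
scott:x:1000:1000::/home/scott:/bin/bash'

SAMPLE_SHADOW='root:$6$CONSTRUCTED$PLACEHOLDER:19000:0:99999:7:::
apache:!!:19000::::::
svcdemo::19000::::::
nobody:*:19000::::::
scott:$6$CONSTRUCTED$PLACEHOLDER:19000:0:99999:7:::'

SAMPLE_PAM='auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok
# auth      sufficient    pam_unix.so nullok (commented out, ignored)
password    sufficient    pam_unix.so nullok use_authtok shadow'

# "user shell" for system accounts (0 < UID < UID_MIN) that have a real login shell.
shell_accounts() {  # $1 = passwd text, $2 = UID_MIN (assumed 1000 in this example)
    printf '%s\n' "$1" | awk -F: -v min="$2" \
        '$3 > 0 && $3 < min && $7 != "" && $7 !~ /(nologin|false)$/ {print $1, $7}'
}

# Users whose shadow password field is empty (no password needed where nullok applies).
empty_passwords() {  # $1 = shadow text
    printf '%s\n' "$1" | awk -F: '$2 == "" {print $1}'
}

# Uncommented PAM lines that pass nullok to pam_unix.
nullok_lines() {  # $1 = PAM config text
    printf '%s\n' "$1" | awk '!/^[ \t]*#/ && /pam_unix\.so/ && /(^|[ \t])nullok([ \t]|$)/'
}

# System accounts that have both a login shell and an empty password field.
exposed_accounts() {  # $1 = passwd text, $2 = shadow text, $3 = UID_MIN
    shell_accounts "$1" "$3" | while read -r user _shell; do
        if empty_passwords "$2" | grep -qxF "$user"; then echo "$user"; fi
    done
}

# Report on the constructed samples. On a real host, pass the contents of
# /etc/passwd, /etc/shadow and /etc/pam.d/system-auth instead (as root).
echo "System accounts with a login shell:"; shell_accounts "$SAMPLE_PASSWD" 1000
echo "Of those, with an empty password:";   exposed_accounts "$SAMPLE_PASSWD" "$SAMPLE_SHADOW" 1000
echo "pam_unix lines allowing null passwords:"; nullok_lines "$SAMPLE_PAM"
```

In the sample, apache has a login shell but a locked (`!!`) password field, so only svcdemo is reported as reachable with an empty password.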




