Date: Thu, 29 Apr 2004 15:02:41 -0400 From: Charles Swiger <cswiger@mac.com> Cc: FreeBSD-questions Questions <freebsd-questions@freebsd.org> Subject: Re: Suexec with Apache 1.3.29 Message-ID: <C9F16B18-9A0F-11D8-BC40-003065ABFD92@mac.com> In-Reply-To: <6.0.0.22.0.20040429140657.11cf1120@pop.face2interface.com> References: <200404262126.36157.mikkel@talkactive.net> <200404291406.58150.mikkel@talkactive.net> <6.0.0.22.0.20040429101444.0e68a6a0@pop.face2interface.com> <200404291713.13999.mikkel@talkactive.net> <6.0.0.22.0.20040429140657.11cf1120@pop.face2interface.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Apr 29, 2004, at 2:20 PM, Marty Landman wrote: >> Now he has to give the webserver the same rights as everybody else on >> the server. > > Real new to this as said, but the consistency of the approach seems to > be that Apache itself runs as user nobody. So your argument may have > merit but only if carried over to argue that httpd should run as > something greater than the lowly 'nobody'. I would argue that no file and no process on a system ought to be running as nobody. FreeBSD ships with a www user, uid=80, which is a much better choice to run Apache as. It's entirely possible to set up web-driven services which interact with Apache running as www, which in turn have their own uid's and permissions, such as Mailman, Big Brother, WebObjects, and lots of other "web middleware". -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C9F16B18-9A0F-11D8-BC40-003065ABFD92>