Date: Wed, 5 Sep 2001 21:06:46 +0200 From: =?ISO-8859-1?B?U/hyZW4gTmVpZ2FhcmQ=?= <neigaard@e-box.dk> To: freebsd-newbies@FreeBSD.ORG Subject: Re: httpd user for Apache? Message-ID: <1772950722.20010905210646@e-box.dk>
next in thread | raw e-mail | index | archive | help
>> I have read somewhere that it is a good idea to make you'r >> applications run under specific users, and not under root. How is the >> best way to configure such a user, as an example a user for the Apache >> httpd deamon (i got so far as to name the user httpd). Should it be in >> a specific group, have restricted rights and so on... > httpd.conf [snip]: > 245 # If you wish httpd to run as a different user or group, you must run > 246 # httpd as root initially and it will switch. > 247 # > 248 # User/Group: The name (or #number) of the user/group to run httpd as. > 249 # . On SCO (ODT 3) use "User nouser" and "Group nogroup". > 250 # . On HPUX you may not be able to use shared memory as nobody, and the > 251 # suggested workaround is to create a user www and use that user. > 252 # NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) > 253 # when the value of (unsigned)Group is above 60000; > 254 # don't use Group nobody on these systems! > 255 # > 256 User nobody > 257 Group nobody > Tip: search for "SuExec" and CGIwrap somewhere for other, more or less paranoia > security *gg > You can play the same game with user/group in your virtual domains. Im sorry, but I dont quite get this :) Does this also mean that I should install Apache as my new user? How do I run Apache as root, and the swich to my new user? -- Best regards, Søren mailto:neigaard@e-box.dk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-newbies" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1772950722.20010905210646>