Apache as nobody
Posted: Wed May 09, 2007 9:55 pm
The following is a small snippet of the server I currently have setup (Debian ETCH 4.0). It's a self-managed dedciated server which I plan on moving my clients to once setup and secure.
The apache books I just read both suggest running Apache as user 'nobody' which is set in httpd.conf, easy enough, but by default it seems it's running as www-data (exluding the first because it's the parent process?).
I assume I can lookup user 'www-root' and make it basically the same as 'nobody'? However would it not be easier to just change the Apache setting to set each child process to 'nobody'?
I have cataloged all required apache modules and made sure I read up on each to thouroughly understand them. I have removed webmin (which came as default) and have plans on using SFTP. Is there *any* reason I would ever need to run FTPd as root or should it be my normal login as well?
Cheers
The apache books I just read both suggest running Apache as user 'nobody' which is set in httpd.conf, easy enough, but by default it seems it's running as www-data (exluding the first because it's the parent process?).
Code: Select all
root 5421 0.0 1.1 17036 5696 ? Ss 21:43 0:00 /usr/sbin/apache2 -k start
www-data 5423 0.0 0.6 17036 3168 ? S 21:43 0:00 /usr/sbin/apache2 -k start
www-data 5424 0.0 0.6 17036 3168 ? S 21:43 0:00 /usr/sbin/apache2 -k start
www-data 5425 0.0 0.6 17036 3168 ? S 21:43 0:00 /usr/sbin/apache2 -k start
www-data 5426 0.0 0.6 17036 3168 ? S 21:43 0:00 /usr/sbin/apache2 -k start
www-data 5427 0.0 0.6 17036 3168 ? S 21:43 0:00 /usr/sbin/apache2 -k start
root 5432 0.0 0.1 3432 1004 pts/0 R+ 21:44 0:00 ps -auxI have cataloged all required apache modules and made sure I read up on each to thouroughly understand them. I have removed webmin (which came as default) and have plans on using SFTP. Is there *any* reason I would ever need to run FTPd as root or should it be my normal login as well?
Cheers