|
|
Sponsored Content
Special Forums
IP Networking
Apache: In the beginning...
Post 41276 by cerberusofhnsg on Wednesday 1st of October 2003 06:23:35 PM
10-01-2003
Quote:
Originally posted by Neo
Many people do not run their apache web server as 'nobody' and it really has nothing to do with the document root.
Many versions of software like MySQL more easily run as a user such as mysql and when the web server runs as the mysql user, things work a lot better.
There is no reason to associate the root directory of an apache a document tree with the root user or similar groups and permissions.
Root, in this instance, simply means document tree root. Apache can run as many users, normally should not be root, but not necessarily 'nobody' for many applications. The root of document trees in Apache can owned and written to by any user, according to the configuration of the system.
Many people do not run their apache web server as 'nobody' and it really has nothing to do with the document root.
Many versions of software like MySQL more easily run as a user such as mysql and when the web server runs as the mysql user, things work a lot better.
There is no reason to associate the root directory of an apache a document tree with the root user or similar groups and permissions.
Root, in this instance, simply means document tree root. Apache can run as many users, normally should not be root, but not necessarily 'nobody' for many applications. The root of document trees in Apache can owned and written to by any user, according to the configuration of the system.
This is the default on Red Hat 7.3, and I am not where I can confirm this on other distros. Apache typically runs either as nobody, or apache. Apache should *NEVER* run as root as whenever possible. I have pushed out several servers, where Apache is either running as nobody, or apache, and MySql was installed and configured to work with Apache. IMHO, Apache should not run as another user. I have never had any problems with MySQL running as a user different than Apache, and in fact this is more secure. If someone takes over MySQL, you don't want them to be able to kill httpd, etc.
I beg to differ on the permissions of the document tree root, root should be the only person (static websites here) that has write access to the website, so if someone does break into Apache, they cannot deface the website:
drwxr-xr-x 5 root root 4096 Aug 4 23:40 htdocs
is the default when installing Apache from source. This is done for a reason.
Please don't take this the wrong way Neo, simply giving my two cents on the matter. I guess I'm a bit paranoid on security, but in my job you have to be
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
i am fairly new to unix, and i would want a very simple, small command-line operating system to learn as much as possible. are there any good ones? i have a fairly old laptop w/ about 700 MB, running windows 95. i would like to partition it, anyone know how to do that? any help is very much... (1 Reply)
Discussion started by: henroid815
1 Replies
2. UNIX for Dummies Questions & Answers
Actually, I had my first problem before even BEGINNING using my FreeBSD.
The installation guide said I should run the rawrite tool and should do something like
A> rawrite
if i put the the file I want to image-copy and the rawrite.exe in the same directory somewhere. OK done that. Next it asks... (6 Replies)
Discussion started by: Mudrack
6 Replies
3. UNIX for Dummies Questions & Answers
I'd like to start learning UNIX. Where should I begin? I have a desktop PC running Windows XP, but I don't use it for much since I got my Macbook. I was going to install Windows on my Mac, but I quickly noticed that I have absolutely no need for it.
I'm just starting to learn my terminal... (5 Replies)
Discussion started by: andou
5 Replies
4. Programming
I want to learn C++ ! :)
I have basic programming knowledge with python and perl.
Does anyone know of any great beginner tutorials for C++? (1 Reply)
Discussion started by: cbreiny
1 Replies
5. Shell Programming and Scripting
Hi
from a script i want to to read a file beginning at line e.g. number 21 to the EOF.
less +n21 temp.txt
Bevor the result, it brings an empty page, so that i cant use for scripting.
Any idea how the problem can be solved?
Thanks in advance!
IMPe (2 Replies)
Discussion started by: IMPe
2 Replies
6. Programming
I had hard time to understand svn, and asked my admin who said I was over thinking and recommend remember the 5~6 commands to do as told. But I am so lost when the situation changed a little bit. For example, I am in my local box under my project folder:
/home/yifangt/svn/ where there are two... (5 Replies)
Discussion started by: yifangt
5 Replies
7. Shell Programming and Scripting
Hi,
I now that >> will append text to the end of the text that is already inside the file.
How to append the new text infront of the text that is already in the file.
Thanks for any input.
Regards,
Chandu (3 Replies)
Discussion started by: chandrakanth
3 Replies
8. Web Development
Hi,
I'm new to developing modules for Apache. I understand the basics now and can develop something simple which allows a 'GET' request to happen, but what I want to do is actually 'POST' information to my site. I know the basic POST Request works and I can see that it is post by looking at... (2 Replies)
Discussion started by: fishman2001
2 Replies
9. Red Hat
Process not running: /opt/java15/jdk/bin/java -classpath /opt/apache/apache-ant-1.7.0-mod/lib/ant-la
Have no idea on what the below error message is:
Process not running: /opt/java15/jdk/bin/java -classpath /opt/apache/apache-ant-1.7.0-mod/lib/ant-launcher.jar org.apache.tools.ant.launch.Launcher -buildfile build.xml dist.
Any help? (3 Replies)
Discussion started by: gull05
3 Replies
10. Shell Programming and Scripting
Hi guys,
New member here, also new student!
I'm just starting the Shell Programming, currently in chapter four in the Book in Unix, Linux, and OS X by Stephen G. Kochan & Patrick Wood (4th edition).
I'm needing a little help with other possible ways to shorten this shell command:
//
... (1 Reply)
Discussion started by: shiver
1 Replies
LEARN ABOUT DEBIAN
apache::session::generate::modusertrack
Apache::Session::Generate::ModUsertrack(3pm) User Contributed Perl Documentation Apache::Session::Generate::ModUsertrack(3pm) NAME
Apache::Session::Generate::ModUsertrack - mod_usertrack for session ID generation SYNOPSIS
use Apache::Session::Flex; tie %session, 'Apache::Session::Flex', $id, { Store => 'MySQL', Lock => 'Null', Generate => 'ModUsertrack', Serialize => 'Storable', ModUsertrackCookieName => 'usertrack', # optional }; DESCRIPTION
Apache::Session::Generate::ModUsertrack enables you to use cookie tracked by mod_usertrack as session id for Apache::Session framework. This module fits well with long-term sessions, so better using RDBMS like MySQL for its storage. CONFIGURATION
This module accepts one extra configuration option. ModUsertrackCookieName Specifies cookie name used in mod_usertrack. "Apache" for default, so change this if you change it via "CookieName" directive in mod_usertrack. LIMITATION WITHOUT MOD_PERL This module first tries to fetch named cookie, but will in vain ONLY WHEN the HTTP request is the first one from specific client to the mod_usertrack enabled Apache web server. It is because if the request is for the first time, cookies are not yet baked on clients. If you run scripts under mod_perl, this module tries to steal (not yet baked) cookie from Apache request notes. See Apache for details. AUTHOR
Tatsuhiko Miyagawa <miyagawa@bulknews.net> This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. SEE ALSO
Apache::Session, Apache::Session::Flex, mod_usertrack perl v5.10.1 2010-10-18 Apache::Session::Generate::ModUsertrack(3pm)