Portal Home > Knowledgebase > Articles Database > Change ownership to nobody:apache
Change ownership to nobody:apache
Posted by prashant1979, 11-21-2008, 08:30 AM |
Change ownership to nobody:apache
Hello,
One of my customers wants me to change the ownership to nobody and group to apache in a directory created in the home directory of his website. I want to know whether doing so will pose any security problem. Also is there any advantage of changing the owner to nobody and group to apache?
|
Posted by JayShah, 11-21-2008, 09:51 AM |
What user and group is your web server (assuming it's Apache) running as?
Jay
|
Posted by prashant1979, 11-21-2008, 09:55 AM |
How can I find it?
|
Posted by JayShah, 11-21-2008, 09:57 AM |
Upload the following PHP script and run it:
PHP Code:
Please paste the output. That will work, unless you have disabled shell_exec.
Jay
|
Posted by prashant1979, 11-21-2008, 10:11 AM |
Apache runs under nobody user and nobody group
|
Posted by EuroVPS/Sam, 11-21-2008, 12:54 PM |
if you are running cpanel, consider upgrading php with suphp
__________________
Sam M
Team Leader
EuroVPS Inc.
|
Posted by eth00, 11-21-2008, 01:39 PM |
The disadvantage is if somebody exploits a website and all of the other websites are owned by the same apache:nobody they can also exploit the other sites. With Suphp proper ownership will fix this from the simple attacks. Also with apache user you sometimes need to 777 directories which is again unsafe.
Disadvantage of suphp is the extra overhead, worth it in terms of gained security though.
__________________
John Security and general linux how-to'sTotalServerSolutions - for all your linux server and colocation needs!
|
Posted by prashant1979, 11-29-2008, 04:48 AM |
So, in short it means I should not change the ownership of the website to apache:nobody. Am I right?
|
Posted by JayShah, 11-29-2008, 06:15 AM |
Quote:
Originally Posted by prashant1979
So, in short it means I should not change the ownership of the website to apache:nobody. Am I right?
In my opinion, yes. I would not set the uid/gid to apache and/or nobody.
Jay
__________________âÂÂJay Shah
âÂÂMyCoHost - User Mode Linux VPS - No OpenVZ = No Overselling âÂÂValue For Money Semi-Managed VPS's with cPanel/WHM, Fantastico, WHM Master Resellers
|
Posted by myiptest, 11-29-2008, 07:47 AM |
My suggestion is to ask your client about which directories and files he need to have full access ? and you'll set permissions to 777 only to that directories and files.
|
Posted by ub3r, 11-29-2008, 09:06 AM |
Quote:
Originally Posted by prashant1979
Apache runs under nobody user and nobody group
Not always...
|
Posted by JayShah, 11-29-2008, 09:36 AM |
Quote:
Originally Posted by ub3r
Not always...
I think the OP was talking about their system, which was the information I asked for.
Jay
__________________âÂÂJay Shah
âÂÂMyCoHost - User Mode Linux VPS - No OpenVZ = No Overselling âÂÂValue For Money Semi-Managed VPS's with cPanel/WHM, Fantastico, WHM Master Resellers
|
Add to Favourites Print this Article
Also Read
HostWorkz (Views: 666)
ServInt (Views: 938)