User Registration
Customer Login

Knowledgebase

Portal Home > Knowledgebase > Articles Database > Change ownership to nobody:apache


Change ownership to nobody:apache




Posted by prashant1979, 11-21-2008, 08:30 AM
Change ownership to nobody:apache Hello, One of my customers wants me to change the ownership to nobody and group to apache in a directory created in the home directory of his website. I want to know whether doing so will pose any security problem. Also is there any advantage of changing the owner to nobody and group to apache?
Posted by JayShah, 11-21-2008, 09:51 AM
What user and group is your web server (assuming it's Apache) running as? Jay
Posted by prashant1979, 11-21-2008, 09:55 AM
How can I find it?
Posted by JayShah, 11-21-2008, 09:57 AM
Upload the following PHP script and run it: PHP Code: Please paste the output. That will work, unless you have disabled shell_exec. Jay
Posted by prashant1979, 11-21-2008, 10:11 AM
Apache runs under nobody user and nobody group
Posted by EuroVPS/Sam, 11-21-2008, 12:54 PM
if you are running cpanel, consider upgrading php with suphp __________________ Sam M Team Leader EuroVPS Inc.
Posted by eth00, 11-21-2008, 01:39 PM
The disadvantage is if somebody exploits a website and all of the other websites are owned by the same apache:nobody they can also exploit the other sites. With Suphp proper ownership will fix this from the simple attacks. Also with apache user you sometimes need to 777 directories which is again unsafe. Disadvantage of suphp is the extra overhead, worth it in terms of gained security though. __________________ John Security and general linux how-to'sTotalServerSolutions - for all your linux server and colocation needs!
Posted by prashant1979, 11-29-2008, 04:48 AM
So, in short it means I should not change the ownership of the website to apache:nobody. Am I right?
Posted by JayShah, 11-29-2008, 06:15 AM
Quote: Originally Posted by prashant1979 So, in short it means I should not change the ownership of the website to apache:nobody. Am I right? In my opinion, yes. I would not set the uid/gid to apache and/or nobody. Jay __________________▌Jay Shah ▌MyCoHost - User Mode Linux VPS - No OpenVZ = No Overselling ▌Value For Money Semi-Managed VPS's with cPanel/WHM, Fantastico, WHM Master Resellers
Posted by myiptest, 11-29-2008, 07:47 AM
My suggestion is to ask your client about which directories and files he need to have full access ? and you'll set permissions to 777 only to that directories and files.
Posted by ub3r, 11-29-2008, 09:06 AM
Quote: Originally Posted by prashant1979 Apache runs under nobody user and nobody group Not always...
Posted by JayShah, 11-29-2008, 09:36 AM
Quote: Originally Posted by ub3r Not always... I think the OP was talking about their system, which was the information I asked for. Jay __________________▌Jay Shah ▌MyCoHost - User Mode Linux VPS - No OpenVZ = No Overselling ▌Value For Money Semi-Managed VPS's with cPanel/WHM, Fantastico, WHM Master Resellers


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
HostWorkz (Views: 666)
Rapidswitch Puts Clients In Control With First API (Views: 726)
MSSQL Server Attacks (Views: 624)
ServInt (Views: 938)
Real-time avatar based Web applet possible? (Views: 578)

Language:

Our Services

Client Menu

Legal

+1 512-782-9732

Find any answers
you need...



  • PCI Secure
  • Verefied by VISA
  • MasterCard SecureCode

    • Terms of Service | Privacy Policy | FAQs | Affiliates | Email
    Copyright © 2015 BraginHos / CHS Gateway inc. - All Rights Reserved.
    Our address: CHS GATEWAY INC c/o Regus Offices, 2598 E. Sunrise Blvd Ste 2104, Fort Lauderdale, Florida 33304, contact phone number: (+1) 512-782-9732, email: support@chsgatewayinc.com