Results 1 to 3 of 3

Thread: Apache user for cgi scripts/best security

Hybrid View

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    417

    Apache user for cgi scripts/best security

    Hi,

    I just installed Apache2.0 and it's using nobody as the deamon user. Is this ok or should I change it to something else? Should I change the permissions on teh scripts/pages to 'other' have no rwx, who should be owner

    thanx

  2. #2
    Mentor coltrane's Avatar
    Join Date
    May 2001
    Location
    North Carolina
    Posts
    1,390

    Re: Apache user for cgi scripts/best security

    If the http daemon is running as wwwrun, then Id maintain the ownership of the cgi scripts as another user, just in case you are compromised.

    Of course if your root access is compromised then that pretty much negates the issue.

    Basically, good security means that you have to remain paranoid.


  3. #3
    Moderator
    Good Guru
    Compunuts's Avatar
    Join Date
    May 2001
    Location
    California
    Posts
    3,935

    Re: Apache user for cgi scripts/best security

    Well CGI should be run as nobody or unless you will have to authenticate all your users....

Similar Threads

  1. Scripts
    By countach44 in forum Windows - General Topics
    Replies: 8
    Last Post: 05-25-2005, 10:47 PM
  2. Apache 2 and scripts
    By vwgtiturbo in forum Programming
    Replies: 5
    Last Post: 10-30-2003, 12:42 AM
  3. Can this be done with Scripts ??
    By Compunuts in forum Programming
    Replies: 14
    Last Post: 11-08-2002, 08:06 AM
  4. Apache security
    By LearninLinux in forum Linux - Software, Applications & Programming
    Replies: 3
    Last Post: 05-03-2002, 02:38 PM
  5. Scripts kiddies
    By Bogler in forum Linux - General Topics
    Replies: 12
    Last Post: 03-04-2002, 10:10 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •