Apache user for cgi scripts/best security

[Blaqb0x]

Hi,

I just installed Apache2.0 and it's using nobody as the deamon user. Is this ok or should I change it to something else? Should I change the permissions on teh scripts/pages to 'other' have no rwx, who should be owner

thanx

[coltrane]

If the http daemon is running as wwwrun, then Id maintain the ownership of the cgi scripts as another user, just in case you are compromised.

Of course if your root access is compromised then that pretty much negates the issue.

Basically, good security means that you have to remain paranoid.

[Compunuts]

Well CGI should be run as nobody or unless you will have to authenticate all your users....