[TriLUG] apache2 security question

Blackburn, Marvin mblackburn at glenraven.com
Tue Aug 21 11:07:04 EDT 2007


Root is needed for port 80.  Access to other, non-privileged ports is
given to "lesser users".
It's a user convenience thing.  As you can tell, I'm not a web admin.

In the past, we have taken the httpd.conf file and moved it in after
inspection, but really don't always know what he is doing.  We give sudo to
webadmin to apachectl.

-----Original Message-----
From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On Behalf Of Matt Pusateri
Sent: Tuesday, August 21, 2007 11:01 AM
To: Triangle Linux Users Group General Discussion
Subject: Re: [TriLUG] apache2 security question

Why don't you give the webadmin sudo rights? Yes, it can be bypassed, but
at least you will know it.  Also you need to decide whether you trust
the webadmin or not!

I too wonder why you're running apache as root?

Matt P.

Blackburn, Marvin wrote:
> We need to run apache2 as root; however, we don't want to give our web
> developer root access to modify the apache2 files as that, at one time, was
> risky.
> We started doing this quite some time ago; however, I'm not sure that we
> need to continue doing this.  Is there any risk to giving the webadmin write
> permissions to the httpd.conf file and allowing him to start and stop the
> system with apachectl as long as root owns all the other files?
>
> Most of our systems are rhel 3.0 and above and we use apache2 instead of the
> httpd that comes with the system.
>
> _____________________________________
> "He's no failure. He's not dead yet."
> William Lloyd George
