Thread: httpd with root

  1. #1

    httpd with root

    I found that my hosting company is running the httpd daemon using the root account instead of the nobody account. Is that a bad practice, and should I suggest that he/she change that?

  2. #2
    Join Date
    Jun 2003
    Posts
    673
    There should be one Apache process running as root, but all the others should be using an unprivileged account ('nobody' or 'www-data' or something like that). If all of the processes are running as root, you should look for a new hosting company. Really.

  3. #3
    Join Date
    Oct 2003
    Location
    Chicago, Illinois
    Posts
    110
    Originally posted by dan_erat
    There should be one Apache process running as root, but all the others should be using an unprivileged account ('nobody' or 'www-data' or something like that). If all of the processes are running as root, you should look for a new hosting company. Really.
    I agree. You actually have to go out of your way to make Apache run all of its processes as root (modifying src/Configurations), and it's just plain stupid to do it. Doing such a thing means they are too lazy to set up the correct permissions for customers' web directories.
    John Kata

  4. #4
    Join Date
    Jan 2004
    Location
    Greece
    Posts
    2,123
    If Apache runs as root, then you can do everything that root can do via PHP scripts. Let's say you want to see /etc/shadow:

    <?php
    system("cat /etc/shadow");
    ?>

    Change your host.
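
The check the replies describe (one root parent, unprivileged workers) can be automated. This is an added example, not code from any poster in the thread; it assumes the daemon's command name is httpd or apache2 and that input has the column layout of `ps -eo user,pid,ppid,comm`. The sample process lists are constructed.

```shell
#!/bin/sh
# Added example. Reads "USER PID PPID COMMAND" lines on stdin and reports
# Apache worker processes that run as root. Exit status 1 means at least
# one root-owned worker was found.
# Assumption: the command name is httpd or apache2.

audit_httpd_users() {
    awk '
        $4 == "httpd" || $4 == "apache2" {
            user[$2] = $1      # owner of this Apache process, keyed by PID
            parent[$2] = $3    # its parent PID
        }
        END {
            bad = 0
            for (pid in user) {
                # A process whose parent is also Apache is a worker.
                # The parent itself is expected to be root (it binds the
                # privileged port), so only workers are checked.
                if ((parent[pid] in user) && user[pid] == "root") {
                    printf "root worker: pid=%s ppid=%s\n", pid, parent[pid]
                    bad++
                }
            }
            exit (bad > 0)
        }
    '
}

# Constructed sample: root parent, workers dropped to nobody.
GOOD_PS='USER PID PPID COMMAND
root 1201 1 httpd
nobody 1210 1201 httpd
nobody 1211 1201 httpd
root 900 1 sshd'

# Constructed sample: every Apache process owned by root.
BAD_PS='USER PID PPID COMMAND
root 2201 1 httpd
root 2210 2201 httpd
root 2211 2201 httpd'

printf '%s\n' "$GOOD_PS" | audit_httpd_users && echo "sample 1: workers are unprivileged"
printf '%s\n' "$BAD_PS" | audit_httpd_users || echo "sample 2: workers running as root"
```

On a live host with shell access, pipe `ps -eo user,pid,ppid,comm` into `audit_httpd_users` instead of the samples.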