On Thu, 8 Jul 2004, Michael Sullivan wrote:
When I first started using Red Hat Linux 8.0 I was reading through the Red Hat Linux Security Guide and it said to always shut down Apache when logged in as root to prevent hackers from coming in through the web server. I've always done it because the Security Guide said to, but never really understood why. How would hackers come in through the web server? I realize that they could telnet in, but wouldn't they have to log in as a user? What exactly would happen? Can anyone tell me how this would be accomplished? It's annoying having to stop Apache when I log in to work on the system and then starting it again when I log out...
Um, I've never heard of that restriction. You should never _RUN_ the webserver as root (the same goes for any processes that interact with the outside world where at all possible).
Perhaps that's where the confusion comes from?
The reason for not running a webserver as root is that any method that a hacker uses to compromise that webserver will then have a greater level (e.g. root) of access into your system: read and modify any files, trash your disks, etc.
Cheers,
Al
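
An added example, not part of the original message: one way to check the point made in the reply on a running system is to look at which user the Apache worker processes run as. The function below reads `ps -eo user=,pid=,ppid=,comm=` style lines and prints the PIDs of workers owned by root. The process names `httpd` and `apache2`, the helper names and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# List Apache worker processes that are running as root.
# Input: lines of "USER PID PPID COMMAND", as printed by
#   ps -eo user=,pid=,ppid=,comm=
# The parent httpd normally stays root so it can bind port 80; the children
# it forks are the ones that talk to clients, so those are what we flag.
root_workers() {
    awk '
        $4 == "httpd" || $4 == "apache2" {
            user[$2] = $1      # owner of this server process
            parent[$2] = $3    # its parent PID
            order[++n] = $2    # keep input order for stable output
        }
        END {
            for (i = 1; i <= n; i++) {
                pid = order[i]
                # A worker is a server process whose parent is also one.
                if ((parent[pid] in user) && user[pid] == "root")
                    print pid
            }
        }
    '
}

# Constructed sample data (not taken from a real host).
sample_ok='root 812 1 httpd
apache 830 812 httpd
apache 831 812 httpd
root 900 1 sshd'

sample_bad='root 812 1 httpd
root 830 812 httpd
apache 831 812 httpd'

# Report on one ps listing; returns non-zero if any worker is root-owned.
audit() {
    bad=$(printf '%s\n' "$1" | root_workers)
    if [ -n "$bad" ]; then
        echo "root-owned workers: $bad"
        return 1
    fi
    echo "workers run unprivileged"
}

audit "$sample_ok"
audit "$sample_bad" || true
```

On a live host, pipe the real listing in instead of the samples: `ps -eo user=,pid=,ppid=,comm= | root_workers`.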