Can you clarify what "_RUN_ the web server" means? My current practice is this: The only way I work on my server PC is through ssh from a client computer because my server PC doesn't have a monitor hooked up to it. Anyway, I log in as root and the very first thing I do is "service httpd stop". I go about doing whatever task I have to do in that session and then I say, "service httpd start; exit".

Are you saying that I don't have to have Apache stopped while I'm logged in as root, or are you saying I shouldn't stay logged in as root after I issue "service httpd start"?

> Date: Thu, 8 Jul 2004 17:16:07 -0700 (PDT)
> From: Alan Horn <ahorn@xxxxxxxxxx>
> Subject: Re: Working as root while Apache is running; how much a risk?
> To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
>
> On Thu, 8 Jul 2004, Michael Sullivan wrote:
>
> > When I first started using Red Hat Linux 8.0 I was reading through the
> > Red Hat Linux Security Guide and it said to always shut down Apache when
> > logged in as root to prevent hackers from coming in through the web
> > server. I've always done it because the Security Guide said to, but
> > never really understood why. How would hackers come in through the web
> > server? I realize that they could telnet in, but wouldn't they have to
> > log in as a user? What exactly would happen? Can anyone tell me how
> > this would be accomplished? It's annoying having to stop Apache when I
> > log in to work on the system and then starting it again when I log
> > out...
>
> Um, I've never heard of that restriction. You should never _RUN_ the
> webserver as root (the same goes for any processes that interact with the
> outside world where at all possible).
>
> Perhaps that's where the confusion comes from?
>
> The reason for not running a webserver as root is that any method that a
> hacker uses to compromise that webserver will then have a greater level
> (e.g. root) of access into your system. read and modify any files, trash
> your disks.. etc...
>
> Cheers,
>
> Al
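
The following is an added example, not part of either message above: a shell check of which account the Apache worker processes run as, which is what "running the web server as root" refers to. It assumes the usual layout where one root-owned parent `httpd` binds port 80 and its children switch to the account named by the `User` directive; the function names and all sample data are constructed for illustration.

```shell
# Constructed sample data throughout; not taken from a real host.

# Effective "User" directive from httpd.conf text on stdin. Commented lines
# are skipped; taking the last occurrence is an assumption of this sketch,
# and Include'd files are not followed.
httpd_conf_user() {
    awk 'tolower($1) == "user" { u = $2 } END { if (u != "") print u }'
}

# Reads `ps -eo user,pid,ppid,comm` output on stdin and prints the number of
# root-owned httpd processes whose parent is also httpd, i.e. workers that
# kept root. The one root-owned parent (it binds port 80) is not counted.
root_workers() {
    awk '$4 == "httpd" { user[$2] = $1; parent[$2] = $3 }
         END { n = 0
               for (pid in user)
                   if (user[pid] == "root" && (parent[pid] in user)) n++
               print n }'
}

# audit CONF_TEXT PS_TEXT: succeeds only if workers drop to a non-root account.
audit() {
    u=$(printf '%s\n' "$1" | httpd_conf_user)
    n=$(printf '%s\n' "$2" | root_workers)
    if [ "$u" = "root" ] || [ "$n" -gt 0 ]; then
        echo "FAIL: User=${u:-unset}, httpd workers running as root: $n"
        return 1
    fi
    echo "OK: User=${u:-unset}, no httpd worker runs as root"
}

GOOD_CONF='#User nobody
User apache
Group apache'
GOOD_PS='USER PID PPID COMMAND
root 2101 1 httpd
apache 2105 2101 httpd
apache 2106 2101 httpd
root 2300 1 sshd'
BAD_CONF='User root
Group root'
BAD_PS='USER PID PPID COMMAND
root 2101 1 httpd
root 2105 2101 httpd
root 2106 2101 httpd'

audit "$GOOD_CONF" "$GOOD_PS" || true
audit "$BAD_CONF" "$BAD_PS" || true
```

On a live host the same functions can be fed from `ps -eo user,pid,ppid,comm` and the server's own configuration file instead of the sample strings.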