Solved

Apache Security Query

Posted on 2006-06-21
6
244 Views
Last Modified: 2010-03-04
What are the implications of the Apache web server being owned by anyone other than root or the apache user?

Our Oracle DBA has setup apache to run as the Oracle user so when I do a grep for httpd processes they are all owned by the oracle user.

On our other system I have set it up so that sudo allows the oracle user to start and stop the apache processes, but when they are started, they are done so under the apache users ID. Is this method OK in terms of security?
0
Comment
Question by:Grass-hopper
  • 2
6 Comments
 
LVL 5

Accepted Solution

by:
flashwebhost earned 100 total points
ID: 16982203
You can run Apache as any user other than root.

Running Apache as oracle user is insecure as Apache get access to files owned by oracle. Better run apache as its own user like apache, www, httpd, etc...
0
 
LVL 16

Expert Comment

by:xDamox
ID: 17001880
Hi,

You said it starts up under the apache user ID this is much more secure than running it as Oracle user as flashwebhost said. The apache account
will normally have the following shell /sbin/nologin or /bin/flase depending on your distrobution. These to shells stop users from logging into your
machine as they are not valid shells.
0
 

Author Comment

by:Grass-hopper
ID: 17001972
flash - why is it better to run as apache? - suppose what I'm asking is what makes the apache user more likely to get hacked than say the Oracle user itself?
0
 
LVL 16

Assisted Solution

by:xDamox
xDamox earned 100 total points
ID: 17002306
Grass-hopper,

Have a look in the /etc/passwd file and see if the user Oracle has a shell e.g. /bin/bash also if you set youre Apache webserver to run as the user
apache this will stop more data being gathered by a cracker. As the user Oracle will have access to all data.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question