[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Apache Security Query

Posted on 2006-06-21
6
Medium Priority
?
267 Views
Last Modified: 2010-03-04
What are the implications of the Apache web server being owned by anyone other than root or the apache user?

Our Oracle DBA has setup apache to run as the Oracle user so when I do a grep for httpd processes they are all owned by the oracle user.

On our other system I have set it up so that sudo allows the oracle user to start and stop the apache processes, but when they are started, they are done so under the apache users ID. Is this method OK in terms of security?
0
Comment
Question by:Grass-hopper
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
flashwebhost earned 400 total points
ID: 16982203
You can run Apache as any user other than root.

Running Apache as oracle user is insecure as Apache get access to files owned by oracle. Better run apache as its own user like apache, www, httpd, etc...
0
 
LVL 16

Expert Comment

by:xDamox
ID: 17001880
Hi,

You said it starts up under the apache user ID this is much more secure than running it as Oracle user as flashwebhost said. The apache account
will normally have the following shell /sbin/nologin or /bin/flase depending on your distrobution. These to shells stop users from logging into your
machine as they are not valid shells.
0
 

Author Comment

by:Grass-hopper
ID: 17001972
flash - why is it better to run as apache? - suppose what I'm asking is what makes the apache user more likely to get hacked than say the Oracle user itself?
0
 
LVL 16

Assisted Solution

by:xDamox
xDamox earned 400 total points
ID: 17002306
Grass-hopper,

Have a look in the /etc/passwd file and see if the user Oracle has a shell e.g. /bin/bash also if you set youre Apache webserver to run as the user
apache this will stop more data being gathered by a cracker. As the user Oracle will have access to all data.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Screencast - Getting to Know the Pipeline
Suggested Courses
Course of the Month18 days, 6 hours left to enroll

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question