Apache Security Query
Posted on 2006-06-21
What are the implications of the Apache web server being owned by anyone other than root or the apache user?
Our Oracle DBA has setup apache to run as the Oracle user so when I do a grep for httpd processes they are all owned by the oracle user.
On our other system I have set it up so that sudo allows the oracle user to start and stop the apache processes, but when they are started, they are done so under the apache users ID. Is this method OK in terms of security?