Solved

Apache Security Query

Posted on 2006-06-21
Last Modified: 2010-03-04
What are the implications of the Apache web server being owned by anyone other than root or the apache user?

Our Oracle DBA has set up Apache to run as the Oracle user, so when I do a grep for httpd processes they are all owned by the oracle user.

On our other system I have set it up so that sudo allows the oracle user to start and stop the Apache processes, but when they are started, they are done so under the apache user's ID. Is this method OK in terms of security?
Question by:Grass-hopper
 
LVL 5

Accepted Solution

by:
flashwebhost earned 100 total points
ID: 16982203
You can run Apache as any user other than root.

Running Apache as the oracle user is insecure, as Apache gets access to files owned by oracle. Better to run Apache as its own user, like apache, www, httpd, etc.
 
LVL 16

Expert Comment

by:xDamox
ID: 17001880
Hi,

You said it starts up under the apache user ID; this is much more secure than running it as the Oracle user, as flashwebhost said. The apache account will normally have the following shell: /sbin/nologin or /bin/false, depending on your distribution. These two shells stop users from logging into your machine, as they are not valid shells.
 

Author Comment

by:Grass-hopper
ID: 17001972
flash - why is it better to run as apache? - suppose what I'm asking is what makes the apache user more likely to get hacked than say the Oracle user itself?
 
LVL 16

Assisted Solution

by:xDamox
xDamox earned 100 total points
ID: 17002306
Grass-hopper,

Have a look in the /etc/passwd file and see if the user Oracle has a shell, e.g. /bin/bash. Also, if you set your Apache web server to run as the user apache, this will stop more data being gathered by a cracker, as the user Oracle will have access to all data.
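The two checks discussed in this thread (which account owns the httpd processes, and whether that account has a login shell in /etc/passwd), as an added example that is not part of the original posts. The sample process list and passwd lines are constructed, and the function names are hypothetical; on a real host the inputs would come from `ps -e -o user= -o comm=` and `/etc/passwd`.

```python
"""Audit which accounts own Apache worker processes (added example)."""

NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
HTTPD_NAMES = {"httpd", "apache2"}

# Constructed sample of `ps -e -o user= -o comm=` output.
SAMPLE_PS = """\
oracle   httpd
oracle   httpd
oracle   tnslsnr
oracle   ora_pmon_orcl
apache   httpd
"""
# Constructed sample /etc/passwd lines.
SAMPLE_PASSWD = """\
oracle:x:501:501:Oracle:/home/oracle:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
"""

def parse_passwd(text):
    """Map user name -> login shell (7th colon-separated field)."""
    shells = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and not line.startswith("#"):
            shells[fields[0]] = fields[6]
    return shells

def audit(ps_text, passwd_text):
    """Return {user: [findings]} for every account that owns httpd processes."""
    shells = parse_passwd(passwd_text)
    rows = (line.split(None, 1) for line in ps_text.splitlines())
    procs = [(r[0], r[1].strip()) for r in rows if len(r) == 2]
    report = {}
    for user in sorted({u for u, c in procs if c in HTTPD_NAMES}):
        findings = []
        shell = shells.get(user)
        if shell is None:
            findings.append("no /etc/passwd entry")
        elif shell not in NOLOGIN_SHELLS:
            findings.append(f"login shell {shell}")
        # Anything else running under the same account shares its file access.
        others = sorted({c for u, c in procs if u == user and c not in HTTPD_NAMES})
        if others:
            findings.append("account also runs: " + ", ".join(others))
        report[user] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit(SAMPLE_PS, SAMPLE_PASSWD).items():
        print(user, "OK" if not findings else "; ".join(findings))
```
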
