• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 268
  • Last Modified:

Apache Security Query

What are the implications of the Apache web server being owned by anyone other than root or the apache user?

Our Oracle DBA has setup apache to run as the Oracle user so when I do a grep for httpd processes they are all owned by the oracle user.

On our other system I have set it up so that sudo allows the oracle user to start and stop the apache processes, but when they are started, they are done so under the apache users ID. Is this method OK in terms of security?
0
Grass-hopper
Asked:
Grass-hopper
  • 2
2 Solutions
 
flashwebhostCommented:
You can run Apache as any user other than root.

Running Apache as oracle user is insecure as Apache get access to files owned by oracle. Better run apache as its own user like apache, www, httpd, etc...
0
 
xDamoxCommented:
Hi,

You said it starts up under the apache user ID this is much more secure than running it as Oracle user as flashwebhost said. The apache account
will normally have the following shell /sbin/nologin or /bin/flase depending on your distrobution. These to shells stop users from logging into your
machine as they are not valid shells.
0
 
Grass-hopperAuthor Commented:
flash - why is it better to run as apache? - suppose what I'm asking is what makes the apache user more likely to get hacked than say the Oracle user itself?
0
 
xDamoxCommented:
Grass-hopper,

Have a look in the /etc/passwd file and see if the user Oracle has a shell e.g. /bin/bash also if you set youre Apache webserver to run as the user
apache this will stop more data being gathered by a cracker. As the user Oracle will have access to all data.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now