[Techtalk] Web Server User
Cynthia Kiser
cnk at ugcs.caltech.edu
Sat Oct 15 10:16:11 EST 2005
Quoting Raquel Rice <raquel at thericehouse.net>:
> Is there any reason that the user which Apache runs as
> (www-data/nobody) has a shell available to it? I'm trying to get
> rid of some possible exploit areas.
I run a pretty vanilla apache (no cgi) so can't tell you if there is
no reason - but my user 'nobody' has the standard daemon non-shell
shell (/sbin/nologin) and everything is running fine. Pretty sure it
installed that way on my RedHat system.
--
Cynthia N. Kiser
cnk at ugcs.caltech.edu
More information about the Techtalk
mailing list