MLUG: Re: [MLUG] Re: low ports from users?
Wouldn't that run Apache with root permissions? Part of the goal is to 
strip Apache of root permissions. The only thing it needs them for is so 
it can open port 80. Seems a bad security decision to give it those 
permissions for such a small thing.

>Anything wrong with 'sudo'? Works great. Here's an example setup just for Apache.
>
>In /etc/sudoers:
>
>%webadmin ALL=(webadmin) ALL
>%webadmin ALL=(root) /usr/bin/su [-] webadmin
>%webadmin ALL=(root) /sbin/service httpd restart
>%webadmin ALL=(root) NOPASSWD: /sbin/service httpd reload
>
>This is on a RedHat system. The first two are just housekeeping to let them use sudo to do anything they normally could anyway. Adjust if your user is not named "webadmin". :=)
>  
>


-- 
Michael <EMAIL:PROTECTED>
http://kavlon.org
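
The sudoers rules quoted above can be checked mechanically for which commands end up executing as root, which is the concern this message raises. This is an added example, not part of the original thread; it handles only the simple one-command rule form used there, and the `audit` function and its flag names are made up for illustration.

```python
import re

# The four rules quoted in the message above, copied verbatim.
SUDOERS = """\
%webadmin ALL=(webadmin) ALL
%webadmin ALL=(root) /usr/bin/su [-] webadmin
%webadmin ALL=(root) /sbin/service httpd restart
%webadmin ALL=(root) NOPASSWD: /sbin/service httpd reload
"""

# Shape handled:  who  host = (runas)  [TAG: ...]  command
# Aliases, comma-separated lists and line continuations are out of scope.
RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmd>.+)$"
)

def audit(text):
    """Return (command, run-as user, flags) for every rule in `text`."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unsupported sudoers line: {line!r}")
        runas = (m["runas"] or "root").strip()  # sudo runs as root by default
        cmd = m["cmd"].strip()
        flags = []
        if runas in ("root", "ALL"):
            flags.append("runs-as-root")    # the command gets full root rights
        if "NOPASSWD:" in m["tags"].split():
            flags.append("no-password")     # no authentication prompt
        if cmd == "ALL":
            flags.append("any-command")     # no restriction on what is run
        out.append((cmd, runas, flags))
    return out

if __name__ == "__main__":
    for cmd, runas, flags in audit(SUDOERS):
        print(f"{runas:9} {cmd:30} {', '.join(flags) or '-'}")
```

Three of the four rules execute as root; the `restart` rule is the one that launches httpd from a root-owned process.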
