httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52612] New: Default Service Account
Date Mon, 06 Feb 2012 21:58:38 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52612

             Bug #: 52612
           Summary: Default Service Account
           Product: Apache httpd-2
           Version: 2.2.22
          Platform: PC
        OS/Version: Windows Server 2003
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Win32 MSI Installer
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: christopherrowson@gmail.com
    Classification: Unclassified


When installing Apache as a service, the installer currently configures the
service to run under the LocalSystem account. This account has extensive
privileges on the local system and acts as the computer on the network.

Would it not make more sense to run the Apache service under the LocalService
account? This account has the same level of access to resources and objects as
members of the Users group. This limited access helps safeguard the system if
individual services or processes are compromised. Services that run as the
Local Service account access network resources as a null session without
credentials.

Installing under the LocalService account and setting file and folder
permissions to read/execute at the top of the Apache folder tree, with
read/write/execute at the log folder seems to work fine.

Info:

http://social.msdn.microsoft.com/Forums/en/sqlsecurity/thread/31d57870-1faa-4e14-8527-ce77b1ff40e4

Cheers,

Chris

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message