httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joseph S D Yao <j...@tux.org>
Subject Re: [users@httpd] How to start Apache automatically with certificate?
Date Thu, 04 Sep 2008 16:49:36 GMT
On Thu, Sep 04, 2008 at 07:55:09AM +0200, Krist van Besien wrote:
> On Wed, Sep 3, 2008 at 18:12, Joseph S D Yao <jsdy@tux.org> wrote:
> 
> > Doing everything as root is just plain bad security.  Plan around it.
> 
> That is why sudo is so convenient. I never meant that you would need
> to do everything as root, only that you needed to be able to do things
> as root. I almost never do a su - root, and use sudo almost whenever I
> need root powers.
> 
> I keep my config files writable only by root, and use sudoedit to edit
> them. I use sudo apachectl to restart apache etc...


Sudo without "-u ..." is root.  Plan how to do without it.  Does it
matter whether you say:
	$ su
	# cd /
	# ls tmp/"temp files "*
	# rm -rf tmp/"temp files" *
or
	$ cd /
	$ ls tmp/"temp files "*
	$ sudo rm -rf tmp/"temp files" *
?  Either way, you're history.

Have your files owned by a system account and readable by the Web
server account, and 'su' or 'sudo' to that account to RCS control and
edit them.

Then again, this may be a level of effort too great for casual Web sites
that can be easily reconstructed by hand, and where it doesn't really
matter if it is off the Web for a while.  For such personal-use systems,
doing everything as "root" is fine, since the only one upset with you if
you make such a mistake, will be you.  ;-)


-- 
/*********************************************************************\
**
** Joe Yao				jsdy@tux.org - Joseph S. D. Yao
**
\*********************************************************************/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message