Security Question

Scott Becker scottb at
Mon Feb 14 18:57:03 UTC 2005

I started with the default apache user and ran the following commands:

#bring up apache account-
mkdir /home/apache
cp /etc/skel/.* /home/apache
chown -R apache: /home/apache
usermod -d /home/apache apache
usermod -s /bin/bash apache

This way I can access it with a simple 'su apache' command ran as root 
and there's a home directory to store the .psql_history file so the 
command history is saved across sessions. I fear that by setting the 
shell with 'usermod -s /bin/bash apache' I've opened a can of worms. I 
just set a password on the account to prevent any more logins but if 
there's a security hole it would be nice to fix it and if not I would 
like to know how they logged in and understand the process. I tried 
(just before setting the password) to login hitting enter for the 
password and I couldn't get in.

Luciano Miguel Ferreira Rocha wrote:

>And login with empty passwords can be disabled by removing nullok from

I found nullok twice in the file. Perhaps I couldn't get in on my test 
because PuTTY doesn't pass null. I guess I shall always set a password 
from now on.

    thanks all

Ralf Ertzinger wrote:

>Scott Becker <scottb at> wrote:
>>My apache account is active so I can su to it to administer postgresql
>>databases accessable via php scripts.
>You do not need a password for that, or change anything about the
>"sudo -u apache" (as normal user) or just "su -m apache" (as root) ought
>to do the job.

More information about the fedora-devel-list mailing list