Working as root while Apache is running; how much a risk? (repost after subject line error)

Scot L. Harris webid at cfl.rr.com
Fri Jul 9 19:01:17 UTC 2004


On Fri, 2004-07-09 at 14:10, Dave Pawson wrote:
> Broadening this topic a bit,
> are there any general guidance documents as to what 'user' should
> run what apps or utilities? 
>   Or even what users/groups to set up?
> 
> I'm referring to a single user setup rather than an administered one.
> 
> TIA, DaveP

Have not seen anything that specifically addresses this.  However, you
can get an idea by looking at a brand new install's /etc/passwd file.
Many of those entries are defaults.  Others will depend on the packages
you install.

The best rule is to always always always run with the least amount of
privileges you can.  Use root as little as possible.  Obviously there
are some things that only root can do.  If it is a single person system
then you can relax this rule a little but it is better to run as a
normal user as much as possible. 

On multi-user systems you should use su to get to root privileges or
even better configure sudo to limit the commands that people can/need to
run as root.  It is a nice way to permit people to run certain things as
root but not grant root access to the entire system.

Disable direct root login to the box, force a user to log in as
themselves then use su or sudo to get root privileges.

And last, always run with the least amount of privileges you can.  Did I
already say that?  :)

-- 
Scot L. Harris
webid at cfl.rr.com

"I've got some amyls.  We could either party later or, like, start his heart."
-- "Cheech and Chong's Next Movie" 
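
One way to act on the suggestion above of reading a fresh install's /etc/passwd, as an added example that is not part of the original message: a shell function that classifies each account by UID and login shell. The names `audit_passwd` and `sample_passwd`, the default UID boundary of 1000 and the "ends in sh" shell heuristic are assumptions made for this example, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: classify accounts from passwd-format input on stdin.
# Usage: audit_passwd [UID_MIN] < /etc/passwd
audit_passwd() {
    # Assumption: regular users start at UID 1000 (older Fedora releases used 500).
    awk -F: -v min="${1:-1000}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
        NF != 7 || $3 !~ /^[0-9]+$/ { print "MALFORMED line " NR; next }
        {
            # Heuristic: an empty shell field means /bin/sh; anything ending
            # in "sh" (bash, zsh, ...) is treated as a login shell.
            login = ($7 == "" || $7 ~ /sh$/)
            if ($3 + 0 == 0 && $1 != "root")  cls = "EXTRA-UID0"   # second superuser
            else if ($3 + 0 == 0)             cls = "ROOT"
            else if ($3 + 0 < min + 0 && login) cls = "SERVICE-WITH-SHELL"
            else if ($3 + 0 < min + 0)        cls = "SERVICE"
            else if (login)                   cls = "USER"
            else                              cls = "USER-NOLOGIN"
            print cls, $1, $3, ($7 == "" ? "(default)" : $7)
        }'
}

# Constructed sample in /etc/passwd format (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:spare admin:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
news:x:9:13:news:/etc/news:
sync:x:5:0:sync:/sbin:/bin/sync
dave:x:1000:1000:Dave:/home/dave:/bin/bash
broken:x:notanumber
EOF
}

sample_passwd | audit_passwd
```

Lines tagged EXTRA-UID0 or SERVICE-WITH-SHELL are the ones worth a closer look: the first has full root privileges under another name, the second is a daemon account that could be used to log in.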




