MiniVend Akopia Services


Re: Running as nobody



Well here's my take on it.

If your webserver runs as nobody, then it has full access to any files
owned by nobody, and can execute any programs, delete any directories, and
alter any content owned by nobody.  Now, you probably don't have any file
deletion CGIs, etc... but it's best to limit the potential exposure
(there are tricks like buffer overflows that might allow the webserver to
do unintended things for a cracker's advantage).

If you segment your system and isolate different tasks and duties to
different users, then they have less of a possibility to interfere with
each other.  With minivend there are certain things that you want the
webserver to NEVER have access to: the secret pgp keyring of the minivend
user, the order reports, the catalogs directory....

So install and run minivend as its own user.  On a shared ISP system
install and run it as your login account.  The cgi will run as nobody and
communicate with the minivend daemon which runs as minivend (or you).

It's not at all about functionality as you could run everything as root,
which is what some other operating systems effectively do, but that would
just be a really bad idea, and you would be very sorry you did it when
the first big problem comes along.

-Erik

On Mon, 30 Aug 1999, kyle@invisio.com wrote:
> We are still looking for the answer why minivend should NOT be run as
> user nobody?
> 
> Thanks,
> KC (Kyle Cook)
> 
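
An added example, not part of the original message or of MiniVend: a small audit that checks whether the web server account can read or write the files the reply says it must never reach (keyring, order reports, catalogs). The function names and the command-line usage are hypothetical; it evaluates classic Unix mode bits only and ignores POSIX ACLs and parent-directory search permission.

```python
import os
import stat

def access_for(mode, owner_uid, owner_gid, uid, gids):
    """Return the subset of 'rwx' that uid/gids gets from classic Unix mode bits.

    The kernel picks exactly one class: owner if the uid matches, else group
    if any gid matches, else other. POSIX ACLs and root's override are ignored.
    """
    if uid == owner_uid:
        bits = (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR)
    elif owner_gid in gids:
        bits = (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP)
    else:
        bits = (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH)
    return "".join(c for c, b in zip("rwx", bits) if mode & b)

def audit(roots, uid, gids):
    """Walk each root and list (path, access) for entries the account can read or write."""
    findings = []
    for root in roots:
        entries = [root]
        for dirpath, dirnames, filenames in os.walk(root):
            entries += [os.path.join(dirpath, n) for n in dirnames + filenames]
        for path in entries:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced; skip it
            acc = access_for(st.st_mode, st.st_uid, st.st_gid, uid, gids)
            if "r" in acc or "w" in acc:
                findings.append((path, acc))
    return sorted(findings)

if __name__ == "__main__":
    import pwd
    import sys
    # Hypothetical usage: audit.py WEB_USER PATH...  (keyring, orders, catalogs)
    pw = pwd.getpwnam(sys.argv[1])
    gids = {pw.pw_gid} | set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    for path, acc in audit(sys.argv[2:], pw.pw_uid, gids):
        print(f"{acc:3} {path}")
```

An empty report for the web server account means the separation described in the reply holds at the mode-bit level for the paths given.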


