At 11:01 PM 12/24/2001 +0200, you wrote:
Hi all,
merry xmas to one and all.
Suse 7.3 apache 1.3.20 default user = wwwrun:nogroup
security basics questions :
does this user have a default password ?
No, neither to most other "system" users like "nobody"
and if i passwd it will the webserver still run ?
Yes, but I don't know why you'd do that... it would make more sense to make the htdocs group-writable and chgrp them to "htmleditors" or some other group you create for htdoc editing (or you can just make the accounts used by editors part of the "nogroup" group).
is this default password exploitable ?
No, it's not a password. a * in the password field (in /etc/shadow) acts as a lock-out
thanks in advance
andre
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
---------------------------------------------------- Jonathan Wilson System Administrator Cedar Creek Software http://www.cedarcreeksoftware.com Central Texas IT http://www.centraltexasit.com