Mailinglist Archive: opensuse-security (465 mails)

Re: [suse-security] default apache user wwwrun
  • From: JW <jw@xxxxxxxxxxxxxxxxxx>
  • Date: Mon, 24 Dec 2001 15:58:27 -0600
  • Message-id: <5.1.0.14.0.20011224155541.033e4600@xxxxxxxxxxxxxxxxxxxxxxx>
At 11:01 PM 12/24/2001 +0200, you wrote:
>Hi all,
>
>merry xmas to one and all.
>
>Suse 7.3 apache 1.3.20
>default user = wwwrun:nogroup
>
>security basics questions :
>
>does this user have a default password ?

No, neither do most other "system" users like "nobody".

>and if i passwd it will the webserver still run ?

Yes, but I don't know why you'd do that... it would make more sense to make the htdocs group-writable and chgrp them to "htmleditors" or some other group you create for htdoc editing (or you can just make the accounts used by editors part of the "nogroup" group).

>is this default password exploitable ?

No, it's not a password. A * in the password field (in /etc/shadow) acts as a lock-out.

>thanks in advance
>
>
>andre
>
>

----------------------------------------------------
Jonathan Wilson
System Administrator

Cedar Creek Software http://www.cedarcreeksoftware.com
Central Texas IT http://www.centraltexasit.com
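
The `*` lock-out described in the reply above can be checked mechanically. The following is an added example, not part of the original message: it classifies the password field of shadow(5)-format lines and flags empty fields and service accounts that are not locked out. It goes slightly beyond the message by also handling the `!` prefix; the sample lines, the `editor1` and `ftp` entries and all function names are constructed for illustration.

```python
"""Classify password fields in shadow(5)-format text (added example)."""

# Constructed sample lines; the hashes are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:$1$CONSTRUCTED$NOTAREALHASH:11680:0:10000::::
wwwrun:*:11680:0:10000::::
nobody:*:11680:0:10000::::
editor1:!$1$CONSTRUCTED$NOTAREALHASH:11680:0:99999:7:::
ftp::11680:0:10000::::
"""


def classify(field):
    """Return the login state implied by one password field."""
    if field == "":
        return "empty"          # no password is needed to log in
    if field.startswith("*") or field.strip("!") == "":
        return "no-login"       # not a valid crypt(3) result: lock-out
    if field.startswith("!"):
        return "locked-hash"    # a stored hash disabled by a leading '!'
    return "password-set"       # anything else is treated as a usable hash


def parse_shadow(text):
    """Yield (user, state) for every well-formed, non-comment line."""
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 2 and parts[0] and not parts[0].startswith("#"):
            yield parts[0], classify(parts[1])


def audit(text, service_accounts=("wwwrun", "nobody")):
    """Flag empty fields and service accounts that are not locked out."""
    findings = []
    for user, state in parse_shadow(text):
        if state == "empty":
            findings.append((user, "empty password field"))
        elif user in service_accounts and state != "no-login":
            findings.append((user, "service account is " + state))
    return findings


if __name__ == "__main__":
    for user, state in parse_shadow(SAMPLE_SHADOW):
        print(f"{user:10} {state}")
    for user, problem in audit(SAMPLE_SHADOW):
        print(f"FINDING {user}: {problem}")
```

To audit a live system, pass the contents of /etc/shadow to `audit()`; reading that file requires root.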

