[SOLVED] Apache

[mylogin99]

Hi I want to ask a question maybe a stupid one Here what i understand saying linux user : i can create various users for example for me , for my brother and so on to log in to system. But what does it mean that apache runs under user wwwrun and group www by default . What kind of user is that ? It's explicitly not a user kind that one I know about . Help me to understand please.

Thanks in advance !

[mylogin99]

heyy , anyone response me please I'm waiting 3 days already

[jcpskins]

It is just a system account user/group and if you look in /etc/paswd it should not contain a shell to login. You may see something similar to:

nobody:99:99:Nobody:/:/sbin/nologin

Just a way for the system to know what user is running what daemon, without being the root user. Hope this helps.

[mylogin99]

And how is this increase security ??? I've read that it would be a unsecure to run apache under the root user . Why ??

[jcpskins]

You do not want apache running as root, since apache usually runs on port 80, then it would be an easy target for hackers to get into your system. running as another user/group then if a hacker did get in at least they would not have root access to your system. Although a good hacker could still get into your system no matter what, this will at least cause another obstacal to overcome. hope that explains it..

[Segfault]

First and foremost, root is not a user. Root is housekeeper, admin, butler if you want, but not user.
Why we do not use root account? Because all processes initiated by root run with root rights. For instance, root running a web browser - all it takes is an insecure plugin or security flaw in browser and attacker has full access to your system.
*nix permissions system is refined over decades. It is designed to protect you. Running an application as root you'll trash it in one swell swoop.

[mylogin99]

Thanks guys