On 29/10/2018 10:26, Carl Fink wrote:
On 10/28/2018 05:16 PM, mick crane wrote:
what's the deal with www-data ?
I never made that user
I dunno if it has a password or what ?
these are things that some setup / install makes ?
It's created by the Apache installer. Check the Apache docs.
And it should have no password. This user is accessed by switching to it
from root. As a security measure, after binding to privileged network
ports as root, apache switches to user www-data so that, if it is
compromised, the damage is limited. Processes that have dropped root
privileges cannot automatically regain them. Postgres and Tomcat do the
same thing with their own dedicated users.
Kind regards,
--
Ben Caradoc-Davies <b...@transient.nz>
Director
Transient Software Limited <https://transient.nz/>
New Zealand
