On Thu, Sep 04, 2008 at 07:55:09AM +0200, Krist van Besien wrote:
> On Wed, Sep 3, 2008 at 18:12, Joseph S D Yao <[EMAIL PROTECTED]> wrote:
>
> > Doing everything as root is just plain bad security. Plan around it.
>
> That is why sudo is so convenient. I never meant that you would need
> to do everything as root, only that you needed to be able to do things
> as root. I almost never do a su - root, and use sudo almost whenever I
> need root powers.
>
> I keep my config files writable only by root, and use sudoedit to edit
> them. I use sudo apachectl to restart apache etc...
Sudo without "-u ..." is root. Plan how to do without it. Does it
matter whether you say:
$ su
# cd /
# ls tmp/"temp files "*
# rm -rf tmp/"temp files" *
or
$ cd /
$ ls tmp/"temp files "*
$ sudo rm -rf tmp/"temp files" *
? Either way, you're history.
Have your files owned by a system account and readable by the Web
server account, and 'su' or 'sudo' to that account to RCS control and
edit them.
Then again, this may be a level of effort too great for casual Web sites
that can be easily reconstructed by hand, and where it doesn't really
matter if it is off the Web for a while. For such personal-use systems,
doing everything as "root" is fine, since the only one upset with you if
you make such a mistake, will be you. ;-)
--
/*********************************************************************\
**
** Joe Yao [EMAIL PROTECTED] - Joseph S. D. Yao
**
\*********************************************************************/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
