- Date: Mon, 29 Oct 2018 10:38:54 +1300
- From: Ben Caradoc-Davies <ben@xxxxxxxxxxxx>
- Subject: Re: www-data
On 29/10/2018 10:26, Carl Fink wrote:
On 10/28/2018 05:16 PM, mick crane wrote:
what's the deal with www-data ?
I never made that user
I dunno if it has a password or what ?
these are things that some setup / install makes ?
It's created by the Apache installer. Check the Apache docs.
And it should have no password. This user is accessed by switching to it
from root. As a security measure, after binding to privileged network
ports as root, apache switches to user www-data so that, if it is
compromised, the damage is limited. Processes that have dropped root
privileges cannot automatically regain them. Postgres and Tomcat do the
same thing with their own dedicated users.
Ben Caradoc-Davies <ben@xxxxxxxxxxxx>
Transient Software Limited <https://transient.nz/>