On 2018-10-28 21:38, Ben Caradoc-Davies wrote:
On 29/10/2018 10:26, Carl Fink wrote:
On 10/28/2018 05:16 PM, mick crane wrote:
what's the deal with www-data ?
I never made that user
I dunno if it has a password or what ?
these are things that some setup / install makes ?
It's created by the Apache installer. Check the Apache docs.
And it should have no password. This user is accessed by switching to
it from root. As a security measure, after binding to privileged
network ports as root, apache switches to user www-data so that, if it
is compromised, the damage is limited. Processes that have dropped
root privileges cannot automatically regain them. Postgres and Tomcat
do the same thing with their own dedicated users.
I'm asking because somebody is saying that webmail server files should
be owned by root but I don't know about that, if somebody as got so far
to be www-data they might as well be root ?
Key ID 4BFEBB31