Hi, I have programmed for nearly a decade now in a UNIX environment, but recently made the switch from writing modeling programs to writing servlets and other server side code. I have been reading discussions on this list for a while and it seems likely that one of the articulate people who write here might be able to help me. Here is my problem. I inherited a module for Apache that requires Apache to be run as Root. (mod_admin) While this has not been a problem in the current use of the module, it could be a problem if this module is ever run on a server that comes in contact with the real world. Apache runs as Root because the mod_admin does administrative tasks on the server that require root permissions. Client machines can request these tasks via https. Apache + this module is generally run on a Linux box, though there is a reasonable chance it will be ported to a solaris box. I have two questions about this. 1) How vulnerable is this server? All of the standard things have been done to make this a secure server. Unneeded modules have been removed, server-side includes have been disabled, as have CGIs. 2) Would the server be less vulnerable if I ran Apache as something other than root, and set up a pipe to another process on the server that performs the administrative task and runs as root? I tend to think it would be because then the code base that I was using when I was running as Root would not be as widely known. Thank you in advance for your answers and thank you for teaching me so much about Linux in the last few months. Caren __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _______________________________________________ techtalk mailing list [EMAIL PROTECTED] http://www.linux.org.uk/mailman/listinfo/techtalk
