Should web servers be run by a special user?

2

1

I'm pretty beginner-level at Linux, and one thing I've always wondered was whether things like Nginx / uWSGI (for a Django project) should be run under a user that was created for that purpose, or whether my normal login that I use to SSH to the server should be used.

orokusaki

Posted 2012-03-03T18:55:05.383

Reputation: 1 044

Answers

5

whether things ... should be run under a user that was created for that purpose

Yes, they must run under a special user, because, as widely announced processes in the wild, if they (and only they) are somehow compromised (memory injection, for example), they can perform actions on the system only with the permissions/possibilities of that user (which usually has minimal rights outside its own area).

Lazy Badger

Posted 2012-03-03T18:55:05.383

Reputation: 3 557

"Must" is a bit strong. A special account is prudent for sure - but his account will work. – uSlackr – 2012-03-08T14:41:35.470

1

Apache will have the same privileges as the user it runs as. For security reasons, you want to limit the access Apache has to only the particular files it needs to serve the pages you want, whereas your user account will generally have a broader set of rights.

uSlackr

Posted 2012-03-03T18:55:05.383

Reputation: 8 755
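
One way to check which account the nginx workers and uWSGI processes discussed in these answers actually run as, added here as an example that is not part of the original posts. The account names (`deploy`, `www-data`), paths and process list are constructed sample data, and treating a `nologin` or `false` shell as the mark of a dedicated service account is an assumption of this example.

```shell
#!/bin/sh
# audit_service_users PASSWD_FILE PS_FILE
# PS_FILE holds lines as printed by `ps -eo user=,args=`.
# Prints "<verdict> <user> <process>" for each nginx worker and uWSGI process.
audit_service_users() {
    awk '
        # First file (passwd): remember uid and login shell per account.
        NR == FNR { split($0, f, ":"); uid[f[1]] = f[3]; shell[f[1]] = f[7]; next }
        # The nginx master normally stays root to bind ports 80/443; skip it.
        $2 == "nginx:" && $3 != "worker" { next }
        # Ignore everything that is neither nginx nor a uwsgi binary.
        $2 != "nginx:" && $2 !~ "(^|/)uwsgi$" { next }
        {
            name = ($2 == "nginx:") ? "nginx-worker" : "uwsgi"
            if (!($1 in uid))                          verdict = "UNKNOWN"
            else if (uid[$1] == "0")                   verdict = "ROOT"
            else if (shell[$1] ~ "/(nologin|false)$")  verdict = "OK"
            else                                       verdict = "LOGIN-ACCOUNT"
            print verdict, $1, name
        }
    ' "$1" "$2"
}

# Constructed sample data (not from a real host).
run_sample() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
deploy:x:1000:1000:Deploy login:/home/deploy:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
EOF
    cat > "$dir/ps" <<'EOF'
root nginx: master process /usr/sbin/nginx
www-data nginx: worker process
deploy /usr/local/bin/uwsgi --ini /srv/app/uwsgi.ini
deploy -bash
EOF
    audit_service_users "$dir/passwd" "$dir/ps"
    rm -rf "$dir"
}

run_sample
# On a real host:
#   ps -eo user=,args= > /tmp/ps.txt && audit_service_users /etc/passwd /tmp/ps.txt
```

Accounts that come from a directory service rather than the passwd file show up as `UNKNOWN` and need to be looked up separately.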