apache => ftp files chown/chmod security question

Discussion in 'The Lounge' started by class101, Nov 21, 2007.

  1. class101

    class101 New Member

    Hello everyone,

    Would llike a small hint for security, is it better to separate the apache owner user from the ftp owned user ? I mean to run apache on a unique user "apache" and administrating my ftp/website files under the ftp server owned by another unique user for example "ftpuser", is it reducing risks if my apache gets hacked for example ? I think it lower the risks to have the attacker owning my website files but I'm not 100% sure yet, any feedbacks on this is appreciated.
     
  2. khiltd

    khiltd New Member

    Yes, every public service should ideally run as a separate user.
     

Share This Page