www-data needs a real shell ?

6 posts / 0 new
Last post
#1 Sun, 06/29/2008 - 23:12
saoullabit

www-data needs a real shell ?

Hi,

can I remove the sheel of www-data without blocking everything ? May I change its password ? If I have to change its password, it won't block somewhere ?

Best regards.

Sun, 06/29/2008 - 23:48
Joe
Joe's picture

www-data doesn't need a password at all and nologin or false should be its shell--it should be impossible to login as www-data.

If you're trying to login as www-data, it probably means you've configured your box to expect web applications to run under the www-data user and you want to be able to FTP or ssh in as that use to upload files (e.g. you're running without SuExec). We don't recommend that in a shared hosting environment, ever, and it's an unnecessary security weakness in a non-shared hosting environment. If you're having trouble getting suexec working, let us know what problems you're having.

But, yes, Virtualmin doesn't care how the www-data user is configured and whether a human can login as www-data or not.

--

Check out the forum guidelines!

Mon, 06/30/2008 - 01:14 (Reply to #2)
saoullabit

Thanks

I'll give "him" a /dev/null shell :)

Mon, 06/30/2008 - 02:24 (Reply to #3)
sgrayban

www-data requires /bin/sh or you will break things like PHP

Mon, 06/30/2008 - 12:12 (Reply to #4)
Joe
Joe's picture

<div class='quote'>www-data requires /bin/sh or you will break things like PHP</div>

nologin doesn't break mod_php (I know because all of our boxes have nologin for the web server shell). But if he's running everything under suxec, the web server shell never comes into play.

--

Check out the forum guidelines!

Mon, 06/30/2008 - 03:15 (Reply to #5)
saoullabit

arg ....