[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ProgSoc] Looking down apache on a windows system.



On Wed, 09 Mar 2005 14:19:12 +1100, Michael dale <mdale@xxxxxxxxxxxxx> wrote:
> 
> Thanks for that.
> 
> I already run php as a module. The main problem I've found is running apache
> on windows with the default user, this account has "root" access to the
> entire windows systems.
> 
> I've since added an "apache" user on windows and will go from there.
> 
> Although in the end I plan on moving everything over to my freebsd box as
> the windows permissions just cannot do what I need done.

If you set up the appropriate security groups on your server, and
implement a severe GPO for the 'web' group  (which could have users
for apache, mysql/postgres, etc) that can help to lock down what the
process accounts have access to. I've got an apache user that only can
access apache related files and directories and nothing else, which
works a treat (kind of like running in jail/gaol on linux). This is
easier to do in a Windows Server Domain environment using AD, although
it can also be done in a workgroup environment on a standalone
workstation/server.

Cheers,
Andi.

-
You are subscribed to the progsoc mailing list. To unsubscribe, send a
message containing "unsubscribe" to progsoc-request@xxxxxxxxxxxxxxxxxxx
If you are having trouble, ask owner-progsoc@xxxxxxxxxxxxxxxxxx for help.