Wednesday, December 22, 2010

Changing LAMP permission to run as a different user

We faced issues on our production server where Apache was running as nobody, our cron jobs were running as root, and MySQL was running under yet another user. The steps below create a Linux user apusr and configure MySQL and Apache to run as apusr. All cron jobs were also moved to the crontab of this user.

1. Create a new user apusr and a new group apusr.

2. Assign a password to the new user apusr.

3. Change the Apache config file (httpd.conf) to reflect the new user and group for Apache:
User apusr
Group apusr

3.1 Add user=apusr to the [mysqld] section of the my.cnf file.

Then restart Apache.

4. Change the ownership of the /opt folder, and of any other folder your application accesses, to apusr:
chown -R apusr:apusr /opt /mnt

5. Remove all cron entries from the root profile and add them to the apusr profile.

6. Access to the production server as root should be avoided in the future.
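
A way to check the result of steps 3 to 5, as an added example that is not part of the original post: shell functions that confirm httpd.conf and my.cnf name the service user, list files still owned by someone else, and count the lines left in a crontab. The function names and the config file paths in the usage comments are assumptions.

```shell
#!/bin/sh
# Added example: verify the move to a dedicated service account (apusr).

# Succeeds only if the last active User and Group directives in the Apache
# config file $1 both name the account $2. Commented-out lines are ignored.
httpd_runs_as() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "user"  { u = $2 }
        tolower($1) == "group" { g = $2 }
        END { exit !(u == want && g == want) }' "$1"
}

# Prints the user= value found in the [mysqld] section of the my.cnf file $1.
# Other sections ([client], [mysqld_safe], ...) are skipped; empty if unset.
mysqld_user() {
    awk -F= '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_sec && /^[ \t]*user[ \t]*=/ { gsub(/[ \t]/, "", $2); v = $2 }
        END { print v }' "$1"
}

# Lists every path under the given directories that is NOT owned by $1
# (user name or numeric uid). Empty output means the chown -R was complete.
not_owned_by() {
    owner="$1"; shift
    find "$@" ! -user "$owner" -print 2>/dev/null
}

# Counts the non-blank, non-comment lines of a crontab read from stdin.
active_cron_lines() {
    grep -Ev '^[[:space:]]*(#|$)' | wc -l | tr -d ' '
}

# Typical use on the server (config paths are assumed, adjust to your layout):
#   httpd_runs_as /etc/httpd/conf/httpd.conf apusr && echo "apache: ok"
#   [ "$(mysqld_user /etc/my.cnf)" = apusr ] && echo "mysql: ok"
#   not_owned_by apusr /opt /mnt            # should print nothing
#   crontab -l -u root | active_cron_lines  # should print 0 after step 5
```
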