T
T
Taras Labiak2014-10-02 21:02:11
linux
Taras Labiak, 2014-10-02 21:02:11

Is LAMP possible without root?

Suppose we have configured a certain distribution so that it does not allow the root user to log in by default. You can log in as root only if the kernel is running with special parameters. Or even better - a completely different core, without functional restrictions. Those. on normal startup, it will be truncated for greater security. Please omit the discussion of the very possibility of such a setup and launch, and consider only from the point of view. application software.
Is it possible to configure the normal functioning of LAMP (or nginx postgresql 9+ python 2.* and 3+) , taking into account the fact that the server may be unavailable once a day for an hour for maintenance, i.e. then it will run as root?

Answer the question

In order to leave comments, you need to log in

4 answer(s)
V
Valentine, 2014-10-02
@vvpoloskin

Well, yes, from the technical limitations there will be only the inability to hang nginx on port 80. And so you yourself will assemble the packages with the necessary prefixes and will run the binaries or make a self-made script to run.
The inability to run on the 80th port is bypassed either through the replacement of ports (proxy?) on another machine, or a patch in the kernel.
But in general, virtualization is a proven way for such actions - you stick some kind of openvz, there will be a website on one virtual machine, and your secret data on the other.

S
Sergey, 2014-10-02
Protko @Fesor

the server may be unavailable once a day for an hour for maintenance,

who needs a server with such uptime? If at the time of work the data will somehow migrate, then the norms.

S
Sergey Petrikov, 2014-10-02
@RicoX

You should go to the factory, design bicycles, such potential disappears. Technically, you can set it up, it practically does not make the slightest sense. will add hemorrhoids to maintenance and add nothing to safety. If you really want to have sex, then go ahead, and there are many ready-made recipes and practices for various security cases. (Most common: sandbox, containers, VMs, selinux, .... )

A
Alex Chistyakov, 2014-10-02
@alexclear

To be honest, I didn't understand the question at all.
Have you looked at the grsecurity project ? In it, you can configure the authorization system so that root is no longer the superuser. If this is the goal, then here it is solved in this way, using add-ons over the traditional Unix DAC.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question