I know this is a na�ve question, and slightly irrelevant to the newsgroup...
I keep getting told left and right not to work as root. I heeded this advice a while back and created a user. Here is the thing. My RH 7.3 box, running Apache 1.3.27 & Tomcat 3.1.17 (no I haven't gotten them connected with mod_jk yet:) ) is logged in as root. But I work on my files through a secure shell from my workstation, where I log in as the user I created. Is it not safe to leave my box logged in as root? My concern is when people access my website can they somehow get into my box and wreak havoc? For example with my current setup people are accessing a website hosted on a machine that is logged in with root access.... Is it better that I sign in on the actual box as this created user only changing login to root as needed or does the logon of the actual box not matter as long as I am not messing around as root...? If I should sign onto the box as this user, how can I make sure this user has rights to Apache and Tomcat? (as of right now this user has rights to execute java commands, but I am not sure if there is anything special I need to do for apache and tomcat). On a side note is there anyway to create a user that has "almost" root access but can't do the damage root can do? Again na�ve, but thought I would throw it out here anyway :) Thanks!! Denise Mangano -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
