Is it a bad idea to grant shell access to the user account destined to be running Apache/Nginx?
I ask because the Guvnr, in his VPS Bible series, sets up a new user with visudo’d
guvnr ALL=(ALL) ALL
privileges, and then sets up an Nginx server with that user.
Whereas the authors of Nginx HTTP Server recommend that you not grant shell access to the user running Nginx.
You could always remove guvnr’s shell access, but then, how would you administer your websites?
edit: @Bart Silverstrim – Here’s how the guvnr installs Nginx:
- (logged in as user guvnr)
- sudo install nginx dependencies
- user wget nginx source files
- user ./configure --sbin-path=/usr/local/sbin --with-http_ssl_module
- user make
- sudo make install
So perhaps Nginx is being installed to root here?
Is this an ok practice if root login is disabled in /etc/ssh/sshd_config?
Generally it’s a bad idea to give shell access to any account that is created just for a daemon/service to have access to particular system functions that don’t require shell access. That way it’ll prevent someone from breaking an (Internet-facing) service and gaining more privileges than was necessary.
Basically, why increase your attack surface if you don’t need to?
On the flipside, in re-reading the question, it’s not clear that nginx has a shell account. Was nginx set up BY the guvnr account, or was it granted an actual account of its own? Every application is set up by a user, often with some administrative access. It doesn’t mean that it’s running AS that user always (i.e., just because cat was installed by root doesn’t mean that jdoe running cat is running cat as root.) Only if nginx were running with guvnr’s account privileges or as guvnr would it have access to the shell; it may very well be dropping privileges as soon as it forks or it could have its own nginx account or run as a web user account that has little or no privileges. You might want to do more digging in the config and see just what the server is running as.
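One way to do the digging the answer suggests, as an added example that is not part of the original thread: read the `user` directive from nginx.conf and look up that account's login shell in a passwd-format file. The function names and the sample file contents are constructed for illustration; the sample models the scenario in the question, where the workers run as guvnr.

```shell
#!/bin/sh
# Added example: which account does nginx.conf hand the workers to, and can
# that account log in? File contents below are constructed samples.

# Account named by the `user` directive; nginx uses "nobody" when it is absent
# (unless a different default was compiled in).
nginx_worker_user() {
    awk '$1 == "user" { sub(/;.*/, "", $2); print $2; found = 1; exit }
         END { if (!found) print "nobody" }' "$1"
}

# Login shell (field 7) of account $1 in passwd-format file $2; status 1 if absent.
account_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1; exit }
                       END { if (!found) exit 1 }' "$2"
}

# Status 0: no login shell. 1: login shell. 2: account not in passwd file.
audit_nginx_account() {
    user=$(nginx_worker_user "$1")
    shell=$(account_shell "$user" "$2") || { echo "$user: no passwd entry"; return 2; }
    case "$shell" in
        */nologin|*/false) echo "$user: no login shell ($shell)"; return 0 ;;
        # An empty shell field means /bin/sh, so it counts as a login shell.
        *) echo "$user: login shell ${shell:-/bin/sh}"; return 1 ;;
    esac
}

# Constructed sample: nginx.conf names the admin account from the question.
write_sample() {
    printf 'user guvnr;\nworker_processes 1;\n' > "$1/nginx.conf"
    printf '%s\n' 'guvnr:x:1000:1000::/home/guvnr:/bin/bash' \
                  'www-data:x:33:33::/var/www:/usr/sbin/nologin' > "$1/passwd"
}

if [ "$#" -eq 0 ]; then            # no arguments: run on the sample, offline
    d=$(mktemp -d) && write_sample "$d"
    audit_nginx_account "$d/nginx.conf" "$d/passwd" || :
    rm -rf "$d"
else                               # otherwise: nginx.conf path, optional passwd path
    audit_nginx_account "$1" "${2:-/etc/passwd}"
fi
```

The config only states intent; on a running host, `ps -eo user,args | grep '[n]ginx'` shows which accounts the master and worker processes actually hold.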