Hello.
"ec2-user" is the default user, so it is easily used for unauthorized logins.
Therefore, we recommend that you create a Linux user other than "ec2-user" and add it to the Apache group.
I also think it would be effective to set a password for a Linux user using the "passwd" command.
Is it a security issue to add ec2-user to apache group, and add write permission to the apache group? Can this setup be used for production?
The documentation you provided states:
"ec2-user (and any future members of the apache group) can add, delete, and edit files in the Apache document root, enabling you to add content, such as a static website or a PHP application."
Therefore the main purpose of changing the owner and the permissions for /var/www is for development and collaboration.
In production, granting write access by adding ec2-user to the security group is not necessarily a security issue if you need to dedicate deployment or hot-fix tasks to ec2-user. Generally, you should perform operational tasks using a user with lower privileges, and avoid using the root user if possible to mitigate risks.
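A check one could run before treating this setup as production, added here as an example and not part of either answer above: it lists what under the document root is writable by the group or by everyone, and who is in that group. The function names are hypothetical; `/var/www` and `apache` are the values from the question.

```shell
# Added example (not from the original thread). Function names are hypothetical.
# Defaults (/var/www, group "apache") are the values discussed in the question.

# list_writable ROOT GROUP
# Prints "<finding> <path>" for each file or directory under ROOT that is
# world-writable, or owned by GROUP (name or numeric GID) and group-writable.
list_writable() (
    root=${1:-/var/www}
    group=${2:-apache}
    # Writable by everyone: any local account can change served content.
    find "$root" \( -type f -o -type d \) -perm -0002 -print |
        sed 's/^/world-writable /'
    # Writable by the group only: every current and future member of the
    # group can change these paths.
    find "$root" \( -type f -o -type d \) -group "$group" \
        -perm -0020 ! -perm -0002 -print |
        sed 's/^/group-writable /'
)

# group_members GROUP
# Prints the accounts listed as members of GROUP, one per line.
# Accounts that have GROUP as their primary group are not listed here.
group_members() {
    getent group "$1" | cut -d: -f4 | tr ',' '\n' | sed '/^$/d'
}

# Usage: list_writable /var/www apache; group_members apache
```

Every account printed by `group_members` can modify every path reported as `group-writable`, so the two outputs are read together.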