- 最新
- 最多得票
- 最多評論
Hello.
"ec2-user" is the default user, so it is easily used for unauthorized logins.
Therefore, we recommend that you create a Linux user other than "ec2-user" and add it to the Apache group.
I also think it would be effective to set a password for a Linux user using the "passwd" command.
Is it a security issue to add ec2-user to apache group, and add write permission to the apache group? Can this setup be used for production?
The documentation you provided states:
ec2-user(and any future members of theapachegroup) can add, delete, and edit files in the Apache document root, enabling you to add content, such as a static website or a PHP application.
Therefore the main purpose of changing the owner and the permissions for /var/www is for development and collaboration.
In production, granting write access by adding ec2-user to security group is not necessary a security issue if you need to dedicate deployment or hot-fix tasks to ec2-user. Generally, you should perform operational tasks using a user with lower privileges, and avoid to use root user if possible to mitigate risks.
相關內容
- 已提問 7 個月前
AWS 官方已更新 1 年前- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前