Posts: 16
Joined: Sun Aug 21, 2016 7:44 pm

Pi as webserver- security

Mon Aug 06, 2018 12:16 am

Yes, I'm an idiot. No, I am not a completely inexperienced idiot.

I'm new to Pi, but want to set one up as a webserver, open to "the world". It won't be my first Apache server, by a long shot. But it will be my first Linux Apache server.

I want to be "secure". I was wondering if it would be a good idea to create a "for this" USER within my Raspbian install on my Pi, to use for when the Pi is running as the webserver? The theory being that if Bad People got "into" my Pi, they'd start off inside the user I created for the webserving, and, with luck, not be able to get beyond that?

My webserver doesn't have to be able to be the fanciest server on the planet. If it can serve up a few static pages, that will be enough of a "play pen" for me for now. I realize that before I'll be able to set up the next Facebook (joke), I may need to learn some extra stuff, and perhaps lock the server down a bit less restrictively.

If a dedicated user is a good idea, any pointers on choices I should make during setup thereof are welcome!

Whether you like or don't like my dedicated user idea, any other pointers on things to remember in order to make my server Bad Guy/Gal resistant are welcome. (1: Have a strong password for the user. Got that. I've also changed the Pi's hostname away from the default hostname.)
New to Pi and Linux generally... old to computers. Using Raspbian 9 (Stretch) on a Pi 3 B (ver 1.2), apt-get update, apt-get upgrade at least as recently as 5 Aug 2018

Posts: 16761
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Pi as webserver- security

Mon Aug 06, 2018 7:03 am

When you install Apache on a system like Raspbian, it creates a new user www-data that Apache runs under. Often this user is given read-only access to the web pages and another user will be the owner and editor of them.
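
An added example, not part of any post in this thread: a shell check for the arrangement described in the reply above, listing anything under the document root that the www-data account could modify. The `/var/www/html` default and the function names are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh this-script [DOCROOT] [USER]
# Lists everything under a document root that the web server account can modify.

# writable_by_ids DOCROOT UID GID
# Prints each non-symlink path that is owned by UID and owner-writable,
# belongs to group GID and is group-writable, or is world-writable.
# Assumption: the account has no supplementary groups (stock www-data has none).
writable_by_ids() {
    find "$1" ! -type l \( \
        \( -user "$2" -perm -200 \) -o \
        \( -group "$3" -perm -020 \) -o \
        -perm -002 \) -print
}

# audit_docroot [DOCROOT] [USER]
# Returns 0 when USER cannot modify anything, 1 when it can, 2 on lookup error.
audit_docroot() {
    docroot=${1:-/var/www/html}   # assumed default document root
    user=${2:-www-data}           # account named in the reply above
    uid=$(id -u "$user") || return 2
    gid=$(id -g "$user") || return 2
    hits=$(writable_by_ids "$docroot" "$uid" "$gid")
    if [ -n "$hits" ]; then
        printf 'Writable by %s:\n%s\n' "$user" "$hits"
        return 1
    fi
    printf 'OK: %s cannot modify anything under %s\n' "$user" "$docroot"
}

# Only run the audit when arguments are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then audit_docroot "$@"; fi
```
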

Posts: 535
Joined: Thu Oct 23, 2014 12:14 am
Location: Texas
Re: Pi as webserver- security

Mon Aug 06, 2018 5:41 pm

I've run stock Apache web servers under Linux for years without any problems, and Pis running Apache for a couple of years. Keep your OS and your Apache up to date and you should be just fine. Be careful with any CGI scripts that you write.

