
www-data is the user (and also group) that the service httpd (apache) is acting with on your system.


    Some web servers run as www-data. Web content should not be owned by this
    user, or a compromised[缺乏免疫力的] web server would be able to rewrite a web site. Data
    written out by web servers will be owned by www-data.
【这么理解: 可读权限,就是去读,但不能写,如果服务器有写的权限,那服务器就有可能被人利用网文件里写东西,后果不敢设想.】


The files are not world writeable. They are restricted to the owner of the files for writing.

The web server has to be run under a specific user. That user must exist.

If it were run under root, then all the files would have to be accessible by root and the user would need to be root to access the files. With root being the owner, a compromised webserver would have access to your entire system. By specifying the specific ID a compromised server would only have full access to the server.

如何获取 apache user 



ps axo user,group,comm | egrep '(apache|httpd)' | grep -v ^root | cut -d\  -f 1 | uniq







posted @ 2018-03-30 17:47  qqisnow2021  阅读(306)  评论(0编辑  收藏  举报