Securing web server

Hi Everyone,

I have just launched a web site and my hosting company has given me root access (yikes!) via SSH to the web server with 10.3 on it… I really wasn’t expecting this and thought that there would be a nice buffer between me and the big bad world. I was just hoping someone could give me some pointers as to securing the machine in relation to Apache and users and stuff like that. I have setup a user account for myself along with root.

Should I be running Apache as root or as an ordinary user?

It’s not a dedicated server now mind, it’s a virtual private server… don’t know if that makes any difference…


No need to do it, so don’t. Only use root when realy needed.