www-data needs a real shell ?


can I remove the sheel of www-data without blocking everything ?
May I change its password ?
If I have to change its password, it won’t block somewhere ?

Best regards.

www-data doesn’t need a password at all and nologin or false should be its shell–it should be impossible to login as www-data.

If you’re trying to login as www-data, it probably means you’ve configured your box to expect web applications to run under the www-data user and you want to be able to FTP or ssh in as that use to upload files (e.g. you’re running without SuExec). We don’t recommend that in a shared hosting environment, ever, and it’s an unnecessary security weakness in a non-shared hosting environment. If you’re having trouble getting suexec working, let us know what problems you’re having.

But, yes, Virtualmin doesn’t care how the www-data user is configured and whether a human can login as www-data or not.


I’ll give “him” a /dev/null shell :slight_smile:

www-data requires /bin/sh or you will break things like PHP

arg …

www-data requires /bin/sh or you will break things like PHP

nologin doesn’t break mod_php (I know because all of our boxes have nologin for the web server shell). But if he’s running everything under suxec, the web server shell never comes into play.