
Why should I deploy as another site (deploy) user?

Developer https://www.devze.com 2023-01-02 22:22 Source: web

What are the benefits of deploying your site as a special 'deploy' user? And should I run my main domain and subdomains as a single user?


Web sites are inherently vulnerable to attacks and scammers. They are a gateway between the outside world and physical actions on the data or systems they are deployed on. Keeping them secure and reducing the potential damage a hacker might inflict should always be at the forefront of your mind when deploying mission-critical systems.

With that said, here are some recommended deployment tips:

  • ALWAYS sandbox your web applications in their own permission space. In most operating systems, that means giving them their own unprivileged user account that knows pretty much ONLY about the web app that resides in its directory space. Take a "Deny all first, allow some second" approach when it comes to granting permissions throughout the operating system to that user.
    IMPLICATIONS: It may be harder to do special things with your app on the system, and may require you to invest some time and money into automated configuration systems, like Puppet or Chef, just so you don't need to remember what those settings were each time. But the main benefit is that if your application is compromised, the attacker most likely will only gain access to that user's account, and therefore won't have permissions to do much damage. Sandboxing is especially key in multi-domain or multi-application environments. If you run on Linux, you might want to look into SELinux.

  • Deployment strategies can vary. The best way I've found is to create a sudo-privileged account on the remote host to deploy through (mr_deployer). This way, your deployment server can use sudo capabilities to configure the system as you see fit, but the web app, when started up, will run as the lowly user you created for it (mr_app). You can just change the permissions of the app files to be owned by mr_app right before you start it up.
    IMPLICATIONS: No web apps should need sudo capabilities. That's a BIG security vulnerability. You aren't NASA. You don't have the time or expertise to make it foolproof. And even NASA is wrong on occasion.

  • ALWAYS disable root SSH login abilities on your hosts. Unless there is a damn good reason (and even then...), you should never SSH in as root and deploy apps.
    IMPLICATIONS: If you can SSH in, someone else can. The benefit of deploying as a different user is that hackers have a harder time guessing the user name: "root" or "administrator" users are on every system.

  • Just remember: if a hacker can break into a user's app, the user is probably going to be compromised. Reduce the amount of damage one user can do: that is the motto of a lot of system administrators.

Good luck! - Harmon
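
An audit of the three points in the answer above (root SSH login disabled, app account without sudo, app files owned by the app user), as an added example that is not part of the original answer. mr_app and mr_deployer are the answer's names; the admin group names and the paths in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (POSIX sh). mr_app and mr_deployer are the answer's names;
# the admin group names and the paths in the usage line are assumptions.

# Succeeds only if the global section of an sshd_config-style file sets
# PermitRootLogin to "no". sshd keeps the first value it reads for a keyword,
# so parsing stops there. Match blocks and Include files are not followed;
# on a live host `sshd -T` reports the effective value.
root_login_disabled() {
    value=$(awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); exit }
    ' "$1")
    [ "$value" = "no" ]
}

# Succeeds if USER is in a group that commonly carries sudo rights.
in_admin_group() {
    for g in $(id -nG "$1"); do
        case $g in sudo|wheel|admin) return 0 ;; esac
    done
    return 1
}

# Prints paths under DIR not owned by USER, or writable by every local
# account. Symlink mode bits are ignored. Empty output means a clean tree.
app_tree_violations() {
    find "$1" \( ! -user "$2" -o \( ! -type l -perm -0002 \) \) -print
}

# Usage: audit_app /etc/ssh/sshd_config /srv/example_app mr_app
audit_app() {
    rc=0
    root_login_disabled "$1" || { echo "FAIL: root SSH login not disabled"; rc=1; }
    if in_admin_group "$3"; then echo "FAIL: $3 is in an admin group"; rc=1; fi
    bad=$(app_tree_violations "$2" "$3") || rc=1
    [ -z "$bad" ] || { echo "FAIL: wrong owner or world-writable:"; echo "$bad"; rc=1; }
    return "$rc"
}
```

Run it from the deploy account after each release; a non-zero exit status means at least one of the checks failed.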
