Kevin Karhan :verified: · @kkarhan
1233 followers · 81271 posts · Server mstdn.social@nixCraft that is actually true...
Unless someone provides a program with #root #privilegues it can only mess up the $HOME of the user account which it runs under.
This is why the default config for servers like #Apache and #PostgreSQL to literally be run as #daemons or rather #systemD services under dedicaded user accounts, so a webserver - even when hacked - can't f**k up the system.
It's part of the #KISS-Approach to #Users and #Groups in #POSIX and is supplemented with #AppArmour...
#apparmour #posix #Groups #users #kiss #systemd #daemons #PostgreSQL #apache #privilegues #Root