Database server run as its own user

Post by what_is_a_user » 10. July 2011 22:21

Hi,

I know Java well but don't know much about how computers actually work. I've been making my way through "PHP and MySQL Web Development For Dummies".

I'm currently in the chapter about security. The book emphasizes not to "run services such as a Web server, database server, or mail server as root."

Also, the book says:

"You shouldn't run all your services as the same user for the same basic reason that you don't want to run everything as root: When everything runs as the same user, if one service is compromised, they're all exposed... To minimize the damage a cracker can do, the database server should run as its own user, in its own group. For instance, many MySQL servers run as the user mysql in the group mysql. What you call the user and group isn't important. What matters is that this user is isolated from the other operations happening on the server."

EDIT: Just after that bit, the book goes on to say

"The preceding section covers running the database AS ITS OWN USER [my emphasis]. In this section, we switch gears a bit and talk about actual database users -- the users created within the database with privileges to administer...."

But I already know about database users. But what about "running the database as its own user"?

I don't fully understand this, and the book doesn't really elaborate any further. Do they mean user accounts as in desktops on Windows? Should I have my MySQL database on one 'desktop', Apache on another, and the PHP scripts on a third?...

Anything you could tell me would be useful.

Thanks
Last edited by what_is_a_user on 11. July 2011 01:51, edited 1 time in total.
what_is_a_user
 
Posts: 2
Joined: 10. July 2011 22:11

Re: Database server run as its own user

Post by Sharley » 11. July 2011 01:22

I will refer to XAMPP as that is what this forum is about and will be on topic.


When you create a database using phpMyAdmin, which is a GUI for the MySQL database server, you will first of all access phpMyAdmin as the super user root to create this database.

You will then create a user for that database and give that user a password.

Now that user/password combo will only be able to access the database that is associated with that user/password combo and will not be able to see or access any other databases.

The super user root has access to manipulate all databases and so you must not create a database using the super user root if you want that database to be accessed by anyone else.

Treat the super user root as the Super Administrator of all things MySQL and so you would not give out the root/password combo to just anyone.


A server is an app that serves files and folder content on request from a client app like a web browser for example.

The servers in XAMPP are the Apache web page server, MySQL the database server, Filezilla the FTP file server and Mercury Mail the email exchange (server). There is also Tomcat, an Apache Java server, a Perl script parser and a PHP parser that the Apache web page server uses to parse (interpret) Perl and PHP scripts.

So may I suggest you download and install XAMPP and give all those servers a whirl so you may understand better what you are trying to fathom out in the obscurity of the text in a book - a more hands on approach.
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: Database server run as its own user

Post by what_is_a_user » 11. July 2011 01:49

Thanks for your response. However, I do already have XAMPP installed and have been using it. I also know about creating MySQL accounts with specified privileges. I'm pretty sure that's not what the book was talking about. I should have been more specific. Soon after the bit that I quoted, the book says:

"The preceding section covers running the database AS ITS OWN USER. In this section, we switch gears a bit and talk about actual database users -- the users created within the database with privileges to administer...."

But I already know about database users. But what about "running the database as its own user"?
what_is_a_user
 
Posts: 2
Joined: 10. July 2011 22:11

Re: Database server run as its own user

Post by Sharley » 11. July 2011 02:46

what_is_a_user wrote: But I already know about database users. But what about "running the database as its own user"?

The terminology is referring to users and groups which is purely for Linux users and does not apply in a Windows environment in this case of MySQL.

For Windows this would have been more appropriate - Running the database with its own user and more understandable wording for non-Linux applications and really should have been explained and differentiated.

So in effect in Windows when you create a user for a database they will be running that database as the administrator and the terminology of the author of that "book" is not, in my opinion, able to express himself so that dummies can understand his mind.

If you already know so much about the subject then just move on and experiment with databases and users in your XAMPP for Windows and see how it goes and do not rely too much on the expertise of the authors of books for dummies (which you obviously are not) as usually they are not reference material books but rather only sort of stepping stones to more informed solutions.

Good luck and best wishes.
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

