running a daemon as non root user

[fran1942]

Hello, I am installing a daemon and the recommendation is to run it as a non root user (they say highly recommended).
Can someone please tell me the actual reasons for doing this ?

Thanks for any help.

[Irithori]

If a daemon is reachable via network and running as root, then any vulnerability potentially compromises the server as a whole.
If it runs as a user, the impact is restricted to what the user is allowed.

[Alpha90]

Running the daemon as non root as partially how unix / linux security works. Basically working on the principle of giving users/daemons least access as possible to get the job done makes the most secure system.

[Krendoshazin]

As Irithori mentioned: running a program as a particular user will allow the program to access only what the user has access to. Unix is a true multiuser environment, and it's designed from the ground up with this kind of security in mind. At the current moment I'm running BIND in a chroot jail with the user named which means that if BIND were compromised, the attacker would only have access to the files stored under /srv/named -- which contains only the stuff necessary to run BIND.