Find the answer to your Linux question:
Results 1 to 4 of 4
Like Tree1Likes
  • 1 Post By Irithori
Hello, I am installing a daemon and the recommendation is to run it as a non root user (they say highly recommended). Can someone please tell me the actual reasons ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Sep 2012
    Posts
    7

    running a daemon as non root user


    Hello, I am installing a daemon and the recommendation is to run it as a non root user (they say highly recommended).
    Can someone please tell me the actual reasons for doing this ?

    Thanks for any help.

  2. #2
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,411
    If a daemon is reachable via network and running as root, then any vulnerability potentially compromises the server as a whole.
    If it runs as a user, the impact is restricted to what the user is allowed.
    elija likes this.
    You must always face the curtain with a bow.

  3. #3
    Linux Newbie
    Join Date
    Apr 2012
    Posts
    129
    Running the daemon as non root as partially how unix / linux security works. Basically working on the principle of giving users/daemons least access as possible to get the job done makes the most secure system.

  4. $spacer_open
    $spacer_close
  5. #4
    Linux User Krendoshazin's Avatar
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    As Irithori mentioned: running a program as a particular user will allow the program to access only what the user has access to. Unix is a true multiuser environment, and it's designed from the ground up with this kind of security in mind. At the current moment I'm running BIND in a chroot jail with the user named which means that if BIND were compromised, the attacker would only have access to the files stored under /srv/named -- which contains only the stuff necessary to run BIND.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •