running a daemon as non root user
Can someone please tell me the actual reasons for doing this?
Thanks for any help.
If a daemon is reachable via network and running as root, then any vulnerability potentially compromises the server as a whole.
If it runs as a user, the impact is restricted to what the user is allowed.

You must always face the curtain with a bow.
Running the daemon as non root is partially how unix / linux security works. Basically, working on the principle of giving users/daemons the least access possible to get the job done makes the most secure system.
As Irithori mentioned: running a program as a particular user will allow the program to access only what the user has access to. Unix is a true multiuser environment, and it's designed from the ground up with this kind of security in mind. At the current moment I'm running BIND in a chroot jail with the user named which means that if BIND were compromised, the attacker would only have access to the files stored under /srv/named -- which contains only the stuff necessary to run BIND.
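The chroot-plus-unprivileged-user setup described in the last post, written out as an added example in C (it is not code from the thread or from BIND). The uid/gid 65534 and the function name `drop_privileges` are assumptions; `/srv/named` is the jail path from the post.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the process to `jail`, then permanently become uid/gid.
 * Returns 0 on success, -1 on failure with errno set. Call it as root,
 * after privileged setup such as binding a port below 1024. */
int drop_privileges(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {        /* refuse to "drop" to root */
        errno = EINVAL;
        return -1;
    }
    /* 1. Enter the jail while still root, then chdir so the working
     *    directory does not keep pointing outside the new root. */
    if (chroot(jail) != 0 || chdir("/") != 0)
        return -1;
    /* 2. Clear supplementary groups inherited from root. */
    if (setgroups(0, NULL) != 0)
        return -1;
    /* 3. Group before user: once the uid is gone we may not change gid. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* 4. Verify the drop took effect and cannot be undone. */
    if (setuid(0) == 0 || seteuid(0) == 0 ||
        getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed values: 65534 is commonly "nobody"; a real daemon would
     * use its own dedicated account, as the post does with `named`. */
    if (drop_privileges("/srv/named", 65534, 65534) != 0) {
        perror("drop_privileges");
        return 1;                      /* never carry on as root */
    }
    printf("uid=%d gid=%d, confined to jail\n", (int)getuid(), (int)getgid());
    return 0;
}
```

The order matters: a process that stays root inside a chroot can break out of it, so the jail only contains the daemon once the uid change in step 3 has succeeded and step 4 has confirmed it.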