  1. #1
    Just Joined!
    Join Date
    Jul 2010
    Posts
    3

    Running services as specific users


    Hi guys, I'm not new to Linux but no expert by any means and currently I'm running Gentoo. Something I've always wondered about is how you go about running services as certain users. For example sshd or Samba, how would I run those as a certain user other than root? For sshd especially, if I expose my port 22 to the internet to log in remotely I'd just like it to not run as root.
    I'm only using sshd as an example really, I'd like to know for future how to do it in general if possible.

    Thanks everyone

  2. #2
    Linux Engineer GNU-Fan
    Join Date
    Mar 2008
    Posts
    935
    To start a program as another user, use the "sudo" command.


    For sshd especially, if I expose my port 22 to the internet to login remotely I'd just like it to not run as root.
    This one is tricky. First, port 22 belongs to the privileged ports (up to 1024). These are meant to be used by applications with root-rights. If the application just wants to open the port at the start but its further work does not need root-rights, it can drop the rights after opening the ports. Some webservers do this. They start with root rights, open port 80 for listening and then become a less powerful user in order to contain possible damage.

    However, I don't know if this can work with sshd. sshd must be able to read certain files like passwd, and it must be able to offer you a session as the user you can authorize as.

    But maybe it is still possible.

    What I know you can do, and what I recommend, in sshd:
    - disable direct root logins
    - use a random 5-digit port instead of port 22
    Debian GNU/Linux -- You know you want it.

  3. #3
    Linux Guru Lakshmipathi
    Join Date
    Sep 2006
    Location
    3rd rock from sun - Often seen near moon
    Posts
    1,758
    PAM provides greater control over Linux services.
    First they ignore you,Then they laugh at you,Then they fight with you,Then you win. - M.K.Gandhi
    -----
    FOSS India Award winning ext3fs Undelete tool www.giis.co.in. Online Linux Terminal http://www.webminal.org

  4. #4
    Linux Guru Lakshmipathi
    Join Date
    Sep 2006
    Location
    3rd rock from sun - Often seen near moon
    Posts
    1,758
    First they ignore you,Then they laugh at you,Then they fight with you,Then you win. - M.K.Gandhi
    -----
    FOSS India Award winning ext3fs Undelete tool www.giis.co.in. Online Linux Terminal http://www.webminal.org

  5. #5
    Just Joined!
    Join Date
    Jul 2010
    Posts
    3
    OK, I'll look into PAM, thanks.

    sshd was just an example, how about in general just running services as different users?
