Hi, as far as I understand, the point in running, say, Apache as user 'http' (which owns only Apache's files and the webapps' files) is that if somebody executes malicious code inside the server code (using a bug in it or something like that), it cannot affect system files, since user 'http' has no permissions to do so. Well, that seems pretty effective for security...
BUT I'm working with Ruby on Rails now, and decided to use nginx+Passenger for deployment of my app. Since it's the first time I've set up a production-ready Linux server, I've never thought about security before. And, to my disaster, whenever I try to run nginx as my own user ('nate' of group 'users' if that matters) it requires root privileges, or at least I think so because it says that permission was denied to bind onto the local IP address (and it starts successfully as root).
The same actually applies to MySQL, it starts only as root also (despite the fact that everything it needs to work is owned by its user, 'mysql').
So the question is - is this the way it should work? Or do I miss something important about servers and users, because running potentially buggy software as root is obviously a security risk?
Thanks in advance.
From my understanding the processes start as root and then get dropped to user privileges.
I believe that any ports below 1024 require root privileges in order for a service to bind to them (http, postfix, imap, etc...)
Hopefully someone with a bit more knowledge can pipe in.
First of all, thanks for the reply.
From my understanding the processes start as root and then get dropped to user privileges.
But they still appear in 'ps ax' output as if they are running as root...
I believe that any ports below 1024 require root privileges in order for a service to bind to them (http, postfix, imap, etc...)
MySQL uses port 3306...
So we definitely need someone with more knowledge to pipe in.
I believe that any ports below 1024 require root privileges in order for a service to bind to them (http, postfix, imap, etc...)
Well, I checked that, and it seems like it's true. Maybe I've just set up something wrong with MySQL.
But still, can somebody comment on this issue?
Is it even possible to run a web server without root privileges?
dovecot 2516 0.0 0.1 3596 1464 ? S Nov30 0:00 managesieve-login
dovecot 15941 0.0 0.1 3596 1580 ? S 14:55 0:00 imap-login
dovecot 15961 0.0 0.1 3596 1584 ? S 14:56 0:00 imap-login
dovecot 15987 0.0 0.1 3596 1584 ? S 14:58 0:00 imap-login
dovecot 28533 0.0 0.1 3596 1464 ? S Nov30 0:00 managesieve-login
dovecot 28586 0.0 0.1 3596 1460 ? S Nov30 0:00 managesieve-login
root 28527 0.0 0.0 1948 672 ? Ss Nov30 0:03 /usr/sbin/dovecot
vmailer 28529 0.0 0.2 9072 2144 ? S Nov30 0:01 dovecot-auth
vmailer 28530 0.0 0.2 8940 2368 ? S Nov30 0:00 dovecot-auth -w
mysql 1538 0.0 1.7 116724 18176 ? Sl Nov22 5:59 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/lib/mysql/mongo.err --pid-file=/var/lib/mysql/mongo.pid --socket=/var/run/mysqld/mysqld.sock --port=3306
root 1440 0.0 0.0 2852 892 ? S Nov22 0:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql
As you can see there is one root process which spawned a child process. You can read about mysqld_safe, which root runs. From what I understand the root process will read the config (/etc/mysql/my.cnf [owned by root]) and then pass everything on to the mysqld process, which is owned by mysql. Also, when a daemon gets started (in rc.conf) it is being started as root. So for instance I have ddclient running as root, as I started the daemon at boot and the program doesn't support the ability to drop permissions to other users.
Last edited by pyther (2009-12-03 20:10:06)
What about using "sudo" to start a process as a less privileged user ?
What about using "sudo" to start a process as a less privileged user ?
As far as I know sudo starts programs as root.
So I suppose the answer to this problem is that it depends on the application's implementation, doesn't it? For example, some server that listens on a port lower than 1024 must be started as root to bind on it, but it may drop permissions to another user if it supports it.
If that's correct, then the problem is solved.
Last edited by nate56 (2009-12-04 05:32:49)
sudo executes a command as another user. You can specify which user with the '-u' option. So, let's say, if you want to start ddclient (which doesn't bind to any reserved ports since it doesn't even listen for incoming connections, if I remember correctly) as user "ddclient" (which, let's say, has only write access to /var/cache/ddclient), then, instead of just having a command "ddclient some_options" you have "sudo -u ddclient ddclient some_options". And that should make your new ddclient process run as user ddclient instead of your current user.
I did not test it (and I don't have ddclient installed on my current computer), but I guess that could work, would it ?
Yeah, that should work I think.
"sudo -u user command" is actually a synonym for "su -c "command" user", where user is root by default. The only difference is that for sudo you must specify the password of the current user (from which you are executing it), whereas for su you specify the password of the user that you want to execute the command as.