[luau] daemons running as root
Warren Togami
warren at togami.com
Tue Feb 11 16:28:00 PST 2003
tburns at despammed.com wrote:
>> Why would you want to start [sshd] as nobody? You are supposed to
>> start sshd as root. The application itself handles dropping
>> privileges and chrooting.
>
>
> If only! sshd ends up running as root, both if I start it manually or
> if I reboot/restart the service.
>
> And as I say, many (all?) of my other daemons run as root also, isn't
> this considered a security problem? Could I have messed up my passwd
> file or something? What would make my init process run everything as
> root? What log file should I be peeping at to find "hey, I tried to
> lower my privileges, but I failed."
>
> Diffused Dave
>

Most services start as root because that is the only way to grab
"privileged ports", that is, below 1024. After they have grabbed that
port, well-designed services like Apache or sshd will change to non-root
users and/or drop capabilities in order to make things more secure.
(Some daemons do not drop root and/or capabilities though. For example,
it is fairly common to see poorly configured servers running rsync as
root. Just because the xinetd super server runs as root doesn't mean the
things it calls must also run as root.)

What services specifically are you worried about?

Warren