Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Daemon process and users?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
unnamedplayer
n00b
n00b


Joined: 06 Sep 2012
Posts: 7

PostPosted: Fri Sep 14, 2012 6:51 am    Post subject: Daemon process and users? Reply with quote

I've been using linux on and off for a few years now, but I've decided to finally get rid of windows completely after reading the convincing introduction in "the linux command line" ;-).
Now I'm trying to set up a little server at home and I was wondering:
I suppose it's not a good idea to run a service (e.g. svn/lampserver/.. ) as root since if there's any vulnerabilities in there they might get access to my system.

But it seems most services are launched at startup as root? I've been googling this a bit and I've seen people starting up their services with scripts changing the user in the startup script.
Is this the only way (or standard way) to do this?

Besides that, I was also wondering if there's any conventions in a linux system for directories used by applications?
I'm trying to install samba aswel, but I'm not sure where to create the shared folders. Same for folders for other applications like utorrentserver etc.

Thanks
Back to top
View user's profile Send private message
eccerr0r
Advocate
Advocate


Joined: 01 Jul 2004
Posts: 3892
Location: USA

PostPosted: Fri Sep 14, 2012 6:10 pm    Post subject: Reply with quote

A lot of applications know how to switch from root to another user (like Apache, Samba, etc.). Those that don't, you could use su to run the application as another user - if they support running as a non-root user. Keep in mind that the "well known" "reserved" ports from 1-1023 or so require root by the kernel to listen to.

Unfortunately for Linux, file locations are not standardized - each distribution has their own place to put files. There has been an attempt to standardize between Linux but it's hard to do with different Linux using different boot mechanisms. This also applies for other Un*xes, all are different...
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed to be advocating?
Back to top
View user's profile Send private message
PaulBredbury
Watchman
Watchman


Joined: 14 Jul 2005
Posts: 7310

PostPosted: Sat Sep 15, 2012 4:32 am    Post subject: Re: Daemon process and users? Reply with quote

unnamedplayer wrote:
I suppose it's not a good idea to run a service (e.g. svn/lampserver/.. ) as root

Depends how the service is designed. The 2 good methods are:

    The app starts as root, does some setup as root, then drops to a less-privileged user.
    The startup script runs the service as a less-privileged user, e.g.: su ddclient -c "nice /usr/sbin/ddclient $ARGS"

In addition, I restrict services using AppArmor.

unnamedplayer wrote:
conventions in a linux system for directories used by applications?

The FHS, although it's a loose standard.
Back to top
View user's profile Send private message
unnamedplayer
n00b
n00b


Joined: 06 Sep 2012
Posts: 7

PostPosted: Sat Sep 15, 2012 7:46 pm    Post subject: Reply with quote

Thanks for the info, and thanks for the FHS urls, it was an excellent read. Going to bookmark it for future references ;-)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum