Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
12-16-2006, 07:24 AM
|
#1
|
LQ Newbie
Registered: Dec 2006
Location: Germany
Distribution: Slackware 12.0
Posts: 10
Rep:
|
location of programs and security
Hello
I just wanted to know if the location of programs does in any way affect the security of my system. Does it make sense to put network related stuff in my homedirectory or is this unnecessary paranoia?
|
|
|
12-16-2006, 07:57 AM
|
#2
|
Member
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257
Rep:
|
Why would you want to put network related stuff in your home directory? BTW what do you mean by network related stuff??
Cheers
Arvind
|
|
|
12-16-2006, 08:04 AM
|
#3
|
LQ Newbie
Registered: Dec 2006
Location: Germany
Distribution: Slackware 12.0
Posts: 10
Original Poster
Rep:
|
Things like tor and privoxy. Filesharing programs. Please keep in mind that i'm just a user without a programming background. I just want to know if it makes any difference if i run these programs from my homedirectory and what this diffrence would be.
|
|
|
12-17-2006, 01:23 AM
|
#4
|
Member
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257
Rep:
|
No there's no difference wherever you run it from , except that you should be installing software(any software..not just network related) in /opt or any other partition.
Home directory is fine...but it causes confusion incase you run into trouble or need to reorganize. You'd want to have all your software in 1 place so its easy to find.
If you dont have permission to write into /opt then I guess you'll want to create a /home/count_D/software directory and install stuff into that.
Cheers
Arvind
|
|
|
12-17-2006, 08:37 AM
|
#5
|
LQ Newbie
Registered: Dec 2006
Location: Germany
Distribution: Slackware 12.0
Posts: 10
Original Poster
Rep:
|
Thanks for the answer.
|
|
|
12-17-2006, 08:57 AM
|
#6
|
Moderator
Registered: May 2001
Posts: 29,415
|
I just wanted to know if the location of programs does in any way affect the security of my system. Does it make sense to put network related stuff in my homedirectory or is this unnecessary paranoia?
Here's my take on it. If a system service (a "daemon" or serving application) is run it becomes a process. The process is started from the root account user and then run under a specific user. The root account allows for instance the process to be bound to a port below 1024, and the transfer to the user account ("drop rights") gives the process limited rights (as in access to system resources). While daemons start out as a root-owned process, they should not continue running as root-owned process. This goes for TOR, Privoxy, SSH, Apache, and all the other daemons. Make sure the service is not configured with insecure settings and network (public) access is restricted using your firewall and the configuration options. To limit rights further the process can be run under SELinux, RBAC or within a "jail" or "chroot".
If you run an application from your own user account it also becomes a process, but since the process is started by your user the process already has limited rights (OK, except setuid stuff, nevermind here). This is the way your run apps from your console or "desktop" like pine, OpenOffice.org and all the other user applications. Network access can be restricted by the systems firewall. Process rights can be limited further if the system runs SELinux or RBAC.
So, in short: the location is not the most important (except for managability and FSSTND or FHS compliance), but how it is configured to run and who runs it. Running a system service (TOR, Privoxy) from your own user account is not necessary if the system is properly configured, and running user applications from the root user account should not happen (at all unless configuring things requires so).
|
|
|
12-17-2006, 09:59 AM
|
#7
|
Member
Registered: Apr 2004
Distribution: Debian -unstable
Posts: 700
Rep:
|
Quote:
I just wanted to know if the location of programs does in any way affect the security of my system
|
Well.. yes.. if their location is read-only media (Like a CD, or whatever.)
|
|
|
All times are GMT -5. The time now is 07:02 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|