Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am not sure as to whether or not this is the correct section but here goes.
I'm currently setting up a Web server running Debian. I have managed to get a few basic services running eg HTTP, FTP etc. But I have been struggling with the mail server. While reading around the setup procedure for mail server, I came across a few documents which have caused me some confusion.
I am currently using the root user to download, install, configure and start the various services. I was under the impression that only root could be used to install and start such services. However I have now heard about how running programmes as root can cause security holes. is this correct? if it is, how can I setup a normal user to start the various programs without causing problems.
I'm reading some admin guides atm but I'd like a quick answer so I can start the programs. I'm not keen on having my server running if it can be compromised.
I am not sure as to whether or not this is the correct section but here goes.
Sure is.
Depends on the SMTP you're using. Generally speaking only root is allowed to perform some tasks on a system, open ports below 1024, access some resources, etc etc, so that's why root is used to start services. If you're looking at for instance Apache you'll notice the parent thread is run by root, and the children run with a lesser privileged user. This is no problem because the parent doesn't handle incoming requests at all: only the children do. Other services will start up as root but drop privileges and run as a lesser privileged user. This usually is a compiletime or config option. Services that don't use these mechanisms to separate privileges maybe could be run from a chroot. Doesn't work with all of them tho, some will want to access resources outside the chroot.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.