Sudo vs. root

Markus Schönhaber ubuntu-users at list-post.mks-mail.de
Sun Apr 18 13:48:00 UTC 2010


16.04.2010 22:54, Dotan Cohen:

> I have a neighbor who runs some Java server on his Ubuntu machine. He
> actually logs into the GUI as root and then runs the server from the
> terminal. He is no computer guru, this is how he was taught to do it.
> He insists that he has tried to start the server with sudo from a
> regular user account, but that it "doesn't work": it starts but does
> not serve. I will go over there on Sunday to take a look at the
> machine, but before I go I'd like to know if there is any real
> difference between running an application as root vs. running with
> sudo.

As others already noted, the difference is probably the environment set
by sudo.
OTOH, the really important thing from a security point of view is: thou
shalt not run applications as root unless absolutely necessary. And,
moreover, as a rule of thumb, applications which are accessible via an
untrusted network must not be run as root.
Your neighbour may be affected by the problem that listening on ports <
1024 requires root privileges. But there are workarounds, among them:
- Use procrun / jsvc, which is, for example, bundled with upstream
Tomcat and allows a Java application drop privileges after having
completed privileged tasks.
- Let the application listen to an unprivileged port and create
netfilter rules to redirect the traffic from an privileged port.

http://wiki.apache.org/tomcat/FAQ/Security#Q3

-- 
Regards
  mks




More information about the ubuntu-users mailing list