Sudo vs. root
ubuntu-users at list-post.mks-mail.de
Sun Apr 18 13:48:00 UTC 2010
16.04.2010 22:54, Dotan Cohen:
> I have a neighbor who runs some Java server on his Ubuntu machine. He
> actually logs into the GUI as root and then runs the server from the
> terminal. He is no computer guru, this is how he was taught to do it.
> He insists that he has tried to start the server with sudo from a
> regular user account, but that it "doesn't work": it starts but does
> not serve. I will go over there on Sunday to take a look at the
> machine, but before I go I'd like to know if there is any real
> difference between running an application as root vs. running with
As others already noted, the difference is probably the environment set
OTOH, the really important thing from a security point of view is: thou
shalt not run applications as root unless absolutely necessary. And,
moreover, as a rule of thumb, applications which are accessible via an
untrusted network must not be run as root.
Your neighbour may be affected by the problem that listening on ports <
1024 requires root privileges. But there are workarounds, among them:
- Use procrun / jsvc, which is, for example, bundled with upstream
Tomcat and allows a Java application drop privileges after having
completed privileged tasks.
- Let the application listen to an unprivileged port and create
netfilter rules to redirect the traffic from an privileged port.
More information about the ubuntu-users