Sudo vs. root
Dotan Cohen
dotancohen at gmail.com
Sun Apr 18 17:34:41 UTC 2010
2010/4/18 Markus Schönhaber <ubuntu-users at list-post.mks-mail.de>:
> 16.04.2010 22:54, Dotan Cohen:
>
>> I have a neighbor who runs some Java server on his Ubuntu machine. He
>> actually logs into the GUI as root and then runs the server from the
>> terminal. He is no computer guru, this is how he was taught to do it.
>> He insists that he has tried to start the server with sudo from a
>> regular user account, but that it "doesn't work": it starts but does
>> not serve. I will go over there on Sunday to take a look at the
>> machine, but before I go I'd like to know if there is any real
>> difference between running an application as root vs. running with
>> sudo.
>
> As others already noted, the difference is probably the environment set
> by sudo.
> OTOH, the really important thing from a security point of view is: thou
> shalt not run applications as root unless absolutely necessary. And,
> moreover, as a rule of thumb, applications which are accessible via an
> untrusted network must not be run as root.
> Your neighbour may be affected by the problem that listening on ports <
> 1024 requires root privileges. But there are workarounds, among them:
> - Use procrun / jsvc, which is, for example, bundled with upstream
> Tomcat and allows a Java application to drop privileges after having
> completed privileged tasks.
> - Let the application listen to an unprivileged port and create
> netfilter rules to redirect the traffic from a privileged port.
>
> http://wiki.apache.org/tomcat/FAQ/Security#Q3
>
Thanks. It is actually listening on very high port numbers. But that
is good to know.
--
Dotan Cohen
http://bido.com
http://what-is-what.com
Please CC me if you want to be sure that I read your message. I do not
read all list mail.
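
Added example, not part of the original messages: one way to test the suggestion quoted above, that the environment set by sudo is what differs, is to capture `env` output in the root login session and `sudo env` output from the regular account, then compare the two dumps. The function name `env_diff`, the file names and the sample variables are assumptions constructed for illustration.

```shell
#!/bin/sh
# env_diff FILE_A FILE_B
# Compare two "NAME=value" dumps (output of env) and print, per variable,
# "only-a NAME", "only-b NAME" or "differs NAME".
# Limitation: values containing newlines are not handled.
env_diff() {
    awk -F= '
        {   # split on the first "=" only; values may contain "="
            name = $1
            value = substr($0, length(name) + 2)
            if (FILENAME == ARGV[1]) a[name] = value
            else                     b[name] = value
        }
        END {
            for (n in a) {
                if (!(n in b))         print "only-a " n
                else if (a[n] != b[n]) print "differs " n
            }
            for (n in b) if (!(n in a)) print "only-b " n
        }
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample data, not taken from any real machine.
demo() {
    tmp=$(mktemp -d) || return 1
    # As it might be captured in a root login session: env > root.env
    cat > "$tmp/root.env" <<'EOF'
HOME=/root
JAVA_HOME=/opt/jdk
JAVA_OPTS=-Dconf=/srv/app/conf
PATH=/opt/jdk/bin:/usr/sbin:/usr/bin:/sbin:/bin
USER=root
EOF
    # As it might be captured from the regular account: sudo env > sudo.env
    cat > "$tmp/sudo.env" <<'EOF'
HOME=/home/alice
PATH=/usr/sbin:/usr/bin:/sbin:/bin
SUDO_USER=alice
USER=root
EOF
    env_diff "$tmp/root.env" "$tmp/sudo.env"
    rm -rf "$tmp"
}

demo
```

Variables reported as `only-a` or `differs` (a missing `JAVA_HOME`, a shorter `PATH`, a different `HOME`) are the first candidates to look at when a server starts under sudo but does not behave as it does in the root session.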