
It took me a while to understand what's going on here (I think), but can someone explain to me if there are security risks with regards to my logic of what's going on here as I am trying to set up a home web server as a developer with some good Linux knowledge?

Ubuntu is not like other systems, as it has restricted the root user account. You cannot log in as root or su to root. This was a problem for me as I have had to install numerous applications and services to /opt as per user documentation (XAMPP for Linux is a good example). The problem here is that this directory is owned by root:root. I notice that my admin user account does not belong to the root group through the following command:

`groups username`

So my understanding is that even though the files and services that I place in /opt belong to root, executing them by means of sudo (as required) does not mean that they are run as root? I imagine that the sudo command is hidden somewhere, belongs to the root user and has a 775 permission? So the question I have is whether running a service like Tomcat, Apache, etc. exposes my system like on other systems? Obviously I need to secure these in configurations, but isn't the golden rule to never run something as root? What happens if I have multiple services running under the same user/group with regards to a compromised server?

thejartender
  • I never understood why people bother with XAMPP when Apache, MySQL and everything else can be easily installed from Ubuntu repositories, which would ensure correct permissions, start scripts, sane default configs and timely security updates. – Sergey Nov 02 '12 at 12:29
  • @Sergey Because for some of us, we don't just use a single system. Especially so if I am looking at getting a server for my own hosting needs and perhaps putting up a few VMs for what's excess. Besides, I had to drift from aptitude when they started serving outdated packages that took months to update. How long was tomcat6 all that one could get from aptitude whilst my hosting provider had Tomcat 7? Others may just like to enjoy any version of Linux as a DIY system. – thejartender Nov 02 '12 at 14:20
  • If you care about security you either have to trust Ubuntu package maintainers, who know a bit about those matters, or to have a deep understanding of how a Linux system works security-wise yourself. I expect your hosting provider to have experienced Linux admins, so I would trust they can install and configure Tomcat properly. Building a DIY system is great and fun, but putting it in production without basic understanding of how things work is going to get you in trouble. – Sergey Nov 02 '12 at 21:11

1 Answer


Ok, here's some security 101:

  • regarding the root account, Ubuntu is very much like any other Debian-based system, in that root has no password set, so you can't log in as root directly and have to use sudo instead. If you need to use su, you can start it with sudo su. More details on sudo

  • the fact that an executable is owned by root does not mean that it has to be run with sudo, any user with read and execute privileges is able to run such program. In fact, most programs in Ubuntu are owned by root, yet you can run gedit and stuff. The "effective user" of the running process will match the user who started the program, not who owns the executable. So, technically, you can run Apache and everything as your non-admin user, but there's one "if"...

  • as a security measure, in Linux systems a process cannot bind to ports below 1024 unless its effective user is root. So if you want Apache to listen on port 80, it has to be started as root. Which is an obvious security issue. But you can run it on, say, port 8080.

  • To avoid the security issues of running with root privileges, Apache and some other network services drop their privileges after binding to network ports, so they perform the absolute minimum of work as root and then switch their effective user id to some pre-configured user with very minimal privileges (no password, no login shell etc.). Effective user and group are set in the application's configuration files (User and Group directives in httpd.conf in the case of Apache).

  • some other services can't drop their privileges so they have to be started as a non-privileged user from the boot scripts.

  • When you install packages from Ubuntu repositories, they usually create restricted user accounts for each service (mysql, postgres etc.) and configure the services to each run with their own effective user. This is considerably safer than running services as the user you log in with.

Sergey
  • That's a nice answer there. Thank you. I thought file permissions were coupled with processes. IOW I thought that interacting with a `root`-owned file meant that you had to belong to a `root` group and the same with executables. This article was also useful in addition to your answer: https://help.ubuntu.com/community/RootSudo – thejartender Nov 02 '12 at 23:02