Is it a good practice to run a daemon under a non-root user account

access-controldaemonSecurity

I've developed an application that uses NTP to change the network time, to sync two of my computers.
It runs as root, since only the latter is allowed to change the time and date on Linux(I guess).

Now, I want to run it as a user. But, I need to access the time.

Is it a good practice to run a daemon under a non-root user account?
Shall I give my application a capability such as CAP_SYS_TIME?
Does it not introduce a security vulnerability?
Is there a better way?

Best Answer

Is it a good practice to run a daemon under a non-root user account?

Yes, and this is common. For instance, Apache start as root and then forks new process as www-data (by default).
As said before, if your program is hacked (ex: code injection), the attacker will not gain a root access, but will be limited to the privileges you gave to this specific user.

Shall I give a "Capability" such as "CAP_SYS_TIME"?

It is a good idea since you avoid using setuid, and limit permissions to this very specific capability.

Shall I use another way to do so that would be considered "Good Practice"?

You can increase security, for instance:

Run the service as unprivileged user, with no shell.
Use chroot to lock the user in it's home directory.

Related Solutions

permissions security sudo – Allow Specific User or Group Root Access Without Password to /bin/date

You can use the sudo command to accomplish this. If you add the following rule to your /etc/sudoers file like so:

As root or using sudo from your normal user account:

$ sudo visudo

This will open up the /etc/sudoers file in vi/vim. Once opened, add these lines:

Cmnd_Alias NAMEOFTHIS=/bin/date
ALL ALL=NOPASSWD: NAMEOFTHIS

Where "users" is a unix group that all the users are a member of. You can determine what group users are in with either the groups <username> command or look in the /etc/groups and /etc/passwd files.

If you have a section like this, I'd add the rules above here like so:

## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL

# my extra rules
Cmnd_Alias NAMEOFTHIS=/bin/date
ALL ALL=NOPASSWD: NAMEOFTHIS

Security model of Linux password entry

I read with Wayland there comes the infrastructure to prohibit it, but now it's still a problem.

Just see

xinput test-xi2

The first article I read about the problem:

http://theinvisiblethings.blogspot.de/2011/04/linux-security-circus-on-gui-isolation.html

Further and deeper discussion:

http://lwn.net/Articles/517375/

Best Answer

Related Solutions

permissions security sudo – Allow Specific User or Group Root Access Without Password to /bin/date

Security model of Linux password entry

Related Question