I'm not talking about the simplicity of creating another user on the system. I just don't see a reason not to host the daemon on root because I don't see any reason to do so.
If the daemon runs as root, someone who compromises the daemon can also load a kernel module to hide his tracks, modify system log files, and so on. I admit, it's a small issue, since if he can steal your wallet, the rest doesn't much matter. 
Topic: Security advantage to run Bitcoin daemon as something else other than root (Read 1705 times)
July 02, 2011, 05:34:29 PM
July 02, 2011, 05:03:05 PM
the light over this:
root is a administrative user, and should not be used, unless the powers of being root is necessary.
it is really very simple to make another user:
but in this case a cant see why you cant use root. but don't do it anyway
root is a administrative user, and should not be used, unless the powers of being root is necessary.
it is really very simple to make another user:
Code:
adduser
but in this case a cant see why you cant use root. but don't do it anyway
I'm not talking about the simplicity of creating another user on the system. I just don't see a reason not to host the daemon on root because I don't see any reason to do so.
But I don't believe the Bitcoin daemon needs any administrative powers, so I'll go ahead and make an account for it.
Thanks
July 02, 2011, 05:02:32 PM
I just wanted to know if there were any security advantages to run the daemon as another user other than root. Since the daemon will be the only thing running on the system, I don't see why not?
Return question: where is the advantage in running it as root? I don't see why?
Generally, it is always a good idea to run services with the minimal privileges required. Just good, common practice.
July 02, 2011, 04:55:31 PM
the light over this:
root is a administrative user, and should not be used, unless the powers of being root is necessary.
it is really very simple to make another user:
but in this case a cant see why you cant use root. but don't do it anyway
root is a administrative user, and should not be used, unless the powers of being root is necessary.
it is really very simple to make another user:
Code:
adduser
but in this case a cant see why you cant use root. but don't do it anyway
July 02, 2011, 04:48:58 PM
I'm setting up an sever dedicated for the Bitcoin daemon to start storing my Bitcoins. I just wanted to know if there were any security advantages to run the daemon as another user other than root. Since the daemon will be the only thing running on the system, I don't see why not?
The only way anybody will be connecting to the server is via an internal IP through json-rpc api calls.
Thanks
The only way anybody will be connecting to the server is via an internal IP through json-rpc api calls.
Thanks
Jump to: