If that program has a vulnerability that allows remote code execution, I as an attacker could trigger it to run code as the `root` user. If I can take actions on behalf of `root`, I own the machine. I can do whatever I want on that device: view, modify or delete any file I choose. Any connections that machine has to other applications, I can leverage to move laterally across the network. The `root` user is the highest privilege level and should be protected for this reason.
If that Java app is instead run as the account `user`, and `user` has sudo permissions, that is still much more secure than running the app as `root`. In this case, if I were to exploit a vulnerability that allowed RCE, I would only have the permissions and access that `user` has. I wouldn't be able to run sudo to escalate to `root` without the password for `user`, the hash of which is hidden away in `/etc/shadow` (a file that only `root` can read). So after the initial foothold on the Linux machine, I would have to find and exploit a separate privilege escalation vulnerability in order to gain `root` privileges. This adds a layer of security that helps prevent high-impact compromises.
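The two checks an administrator would run to enforce the above, as an added example that is not part of the original text: flag Java processes owned by `root` in `ps` output, and verify that a systemd unit sets `User=` to an unprivileged account (no `User=` line means systemd starts the service as `root`). The `ps` lines, the unit texts and the account name `appuser` are constructed for the example.

```shell
#!/bin/sh
# Constructed sample of `ps -eo user,pid,comm,args` output (not real process data).
SAMPLE_PS='USER       PID COMMAND  ARGS
root       812 java     /usr/bin/java -jar /opt/app/server.jar
appuser   1043 java     /usr/bin/java -jar /opt/app/worker.jar
root       301 sshd     /usr/sbin/sshd -D
appuser   1101 nginx    nginx: worker process'

# Print "pid: args" for every java process owned by root.
# Returns 1 if any were found (so it can gate a cron or CI check), 0 otherwise.
find_root_java() {
    printf '%s\n' "$1" | awk '
        NR > 1 && $1 == "root" && $3 == "java" {
            found = 1
            s = ""
            for (i = 4; i <= NF; i++) s = s " " $i
            print $2 ":" s
        }
        END { exit found ? 1 : 0 }'
}

# Returns 0 when the unit text sets User= to something other than root,
# 1 when User= is missing or set to root (the service would run as root).
unit_drops_root() {
    printf '%s\n' "$1" | awk -F= '
        /^[ \t]*User[ \t]*=/ { gsub(/[ \t]/, "", $2); user = $2 }
        END { exit (user != "" && user != "root") ? 0 : 1 }'
}

# Constructed unit fragments: the weak one runs as root, the hardened one does not.
# NoNewPrivileges=yes additionally stops the service from gaining privileges
# through setuid binaries such as sudo even if it is compromised.
BAD_UNIT='[Service]
ExecStart=/usr/bin/java -jar /opt/app/server.jar'
GOOD_UNIT='[Service]
User=appuser
Group=appuser
NoNewPrivileges=yes
ExecStart=/usr/bin/java -jar /opt/app/server.jar'

find_root_java "$SAMPLE_PS" || echo "java process(es) above run as root; set User= in the unit"
unit_drops_root "$BAD_UNIT"  || echo "BAD_UNIT would run as root"
unit_drops_root "$GOOD_UNIT" && echo "GOOD_UNIT runs as an unprivileged account"
```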