1

I'm testing a Linux server where a Java web application is run as root. I typed:

>ps aux

In the result I see:

root 18265 (...) Sl+ 19:52 0:37 java -Xmx2g -jar test_app.jar

What is the best explanation for admins to convince them to run the application not as root? What if the user is not root, but in the sudo group?

user187205

1 Answer

3

If there is an exploit in that program that allows for remote code execution, I as an attacker could trigger that vulnerability to run code as the root user. If I can take actions on behalf of root, I own the machine. I can do whatever I want on that device. I can view, modify or delete any file I choose. Any connections that machine has to other applications, I can leverage to then move laterally across the network. The root user is the highest privilege level, and should be protected for this reason.

If that Java app is instead run as the user user, and user has sudo permissions, that would still be much more secure than running the app as root. In this case, if I were to exploit a vulnerability that allowed for RCE, I would only have the permissions and access that user has. I wouldn't be able to run sudo to escalate to root without the password for user, the hash of which is hidden away in /etc/shadow (a file that only root can read). So after the initial foothold on the Linux machine, I would have to find a privilege escalation vulnerability to exploit in order to get root privileges. This adds a layer of security which helps to prevent high-impact compromises.

ExecutionByFork
    Very good answer, note that sometimes it is not only by a security flaw but for example a java program having a console to execute shell script (e.g. apache-servicemix / karaf) in that case any operator can execute a shell script with root access without need to "hack" the program. – рüффп Dec 16 '20 at 18:43
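
An added example (not part of the original question, answer or comment): a shell function that reads `ps aux` output and labels each matching process by the privilege of its account, covering the root case and the sudo-group case asked about. The function names, the `deploy` and `appsvc` accounts and the sample lines are constructed; membership is read only from the `sudo`/`wheel` lines of an /etc/group-format file, so sudoers rules and primary-group membership are not checked.

```shell
#!/bin/sh
# Added example. Verdicts for each process whose command matches the pattern:
#   ROOT   - runs as root: code execution in the process is full compromise
#   SUDO   - account is listed in the sudo or wheel group (an escalation path)
#   UNPRIV - account with no admin group membership
# Usage: ps aux | audit_ps [pattern] [group_file]
audit_ps() {
    pattern=${1:-java}
    group_file=${2:-/etc/group}
    awk -v pat="$pattern" -v gf="$group_file" '
        BEGIN {
            # Collect members of the admin groups from an /etc/group-format file.
            while ((getline line < gf) > 0) {
                split(line, f, ":")
                if (f[1] == "sudo" || f[1] == "wheel") {
                    n = split(f[4], m, ",")
                    for (i = 1; i <= n; i++) admin[m[i]] = 1
                }
            }
        }
        $1 == "USER" { next }    # skip the ps header line
        {
            # In `ps aux`, the command line starts at field 11.
            cmd = ""
            for (i = 11; i <= NF; i++) cmd = cmd (i > 11 ? " " : "") $i
            if (cmd !~ pat) next
            if ($1 == "root")      verdict = "ROOT"
            else if ($1 in admin)  verdict = "SUDO"
            else                   verdict = "UNPRIV"
            printf "%s pid=%s user=%s cmd=%s\n", verdict, $2, $1, cmd
        }'
}

# Constructed sample input (not real output): one process per verdict.
audit_demo() {
    g=$(mktemp)
    printf 'sudo:x:27:deploy\nappsvc:x:998:\n' > "$g"
    audit_ps java "$g" <<'EOF'
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 18265 1.0 2.0 100 100 pts/0 Sl+ 19:52 0:37 java -Xmx2g -jar test_app.jar
deploy 18301 1.0 2.0 100 100 pts/1 Sl+ 19:53 0:12 java -jar admin_tool.jar
appsvc 18344 1.0 2.0 100 100 ? Sl 19:54 0:05 java -jar test_app.jar
EOF
    rm -f "$g"
}
```
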