On a Linux AMI the only way to easily run systemctl for my server is by running
sudo systemctl start node
In the service:
/etc/systemd/system/node.service
sudo seems to be mandatory for the 'enable', 'status', 'start' and 'stop' systemctl commands to work (I know there are tutorials out there to run as 'user' and not need to use sudo, but I have not been able to get them to work).
I have
[Service]
User=ec2-user
So the user is 'ec2-user' and not 'root'. So I am wondering whether, although I am running systemctl as root, the service itself is run as ec2-user.
Potential security risks, as I understand them, include an end user using the web app and uploading malicious files through the API stack. Those files may then be saved on my server for specific endpoints (like when uploading a PDF or image). This is where it gets hazy for me, but if the end user instead uploaded 'some kind of script' to put malware onto the server's disk instead of uploading a PDF or image.... then.... because systemctl was run as root, the script might have the permissions to execute on my server or do some kind of 'command and control'?
Or does the fact that systemctl is run as 'ec2-user' and not 'root' prevent malicious files from being uploaded and executed on the stack? And am I therefore safe to run sudo systemctl ... commands so long as the [Service] user is non-root?
This is a general question, but to have one specific example, I know ImageMagick has been riddled with this kind of security vulnerability:
https://us-cert.cisa.gov/ncas/current-activity/2016/05/04/ImageMagick-Vulnerability
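The following script is an added example and is not code from the question above. It takes unit files of the kind the question shows and answers the two things a practitioner checks before trusting "User=ec2-user": which account the service process will actually run as (the last User= line, or root when none is set), and which of systemd's common sandboxing directives the unit is missing. The three unit files it writes are constructed for the example; the unit names, the /srv/app paths and the ExecStart line are assumptions, while the directive names (User, NoNewPrivileges, ProtectSystem, ProtectHome, PrivateTmp, ReadWritePaths) are real systemd options.

```shell
#!/bin/sh
# Added example (not from the original post): inspect systemd unit files for
# the account the service will run as and for missing sandboxing directives.
# Unit files, paths and unit names below are constructed for this example.
set -eu

# Effective service account: the last User= line in the unit, or "root"
# when no User= is present (systemd's default for system units).
unit_user() {
    u=$(sed -n 's/^[[:space:]]*User=[[:space:]]*//p' "$1" | tail -n 1)
    printf '%s\n' "${u:-root}"
}

# Print, one per line, the sandboxing directives absent from the unit.
# Returns 0 when none are missing, 1 otherwise.
missing_hardening() {
    rc=0
    for d in NoNewPrivileges ProtectSystem ProtectHome PrivateTmp; do
        if ! grep -q "^[[:space:]]*$d=" "$1"; then
            printf '%s\n' "$d"
            rc=1
        fi
    done
    return "$rc"
}

# Write three constructed unit files into the directory given as $1.
write_demo_units() {
    # The unit as described in the question: a non-root User= and nothing else.
    cat > "$1/node-weak.service" <<'EOF'
[Unit]
Description=node web app (constructed from the question)

[Service]
User=ec2-user
ExecStart=/usr/bin/node /srv/app/server.js
EOF

    # A unit with no User= at all: PID 1 would spawn the process as root.
    cat > "$1/node-root.service" <<'EOF'
[Service]
ExecStart=/usr/bin/node /srv/app/server.js
EOF

    # Same service, writable area limited to the (assumed) upload directory,
    # read-only view of the rest of the filesystem, no privilege escalation.
    cat > "$1/node-hardened.service" <<'EOF'
[Unit]
Description=node web app, sandboxed (constructed example)

[Service]
User=ec2-user
ExecStart=/usr/bin/node /srv/app/server.js
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
ReadWritePaths=/srv/app/uploads
EOF
}

# Report on every unit file in the directory given as $1.
report() {
    for f in "$1"/*.service; do
        printf '%s: runs as %s\n' "$(basename "$f")" "$(unit_user "$f")"
        if missing="$(missing_hardening "$f")"; then
            printf '  sandboxing directives present\n'
        else
            printf '  missing: %s\n' "$(printf '%s' "$missing" | tr '\n' ' ')"
        fi
    done
}

DEMO_DIR=$(mktemp -d)
write_demo_units "$DEMO_DIR"
report "$DEMO_DIR"
rm -rf "$DEMO_DIR"
```

On the real host the same answer comes from `systemctl show -p User node` and from `systemctl status node`, which prints the Main PID; `ps -o user= -p <that pid>` then shows the account the process is actually running under. sudo is needed because `systemctl start` talks to the system instance of systemd, which is privileged; the service process itself is spawned by PID 1 with the credentials from User=, regardless of who issued the command. ProtectSystem=strict mounts the filesystem read-only for the service except for the ReadWritePaths listed, NoNewPrivileges=yes stops the service and anything it launches from gaining privileges through setuid binaries or file capabilities, and ProtectHome=yes hides /home, /root and /run/user, which is why the example assumes the app lives under /srv/app rather than in ec2-user's home directory. None of these directives makes an uploaded file non-executable by itself; they bound where the service can write and what a compromised service process can reach.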