
Possible Duplicate:
What's wrong with always being root?

I have a server running in a datacenter with strong firewall & VPN protection. I have a few Java apps which I have written myself running on these boxes.

Currently I only have root user and run everything as root.

Is there any reason why this might be a bad idea?

DD.
  • How confident are you that those java apps contain no vulnerabilities? Be honest now. That's what I thought. **That** is reason #253415 you don't run everything as root. – EEAA Apr 10 '12 at 23:18
  • I can see why you might not want to be root if you are running other buggy apps...however, if I know the apps I have written...why not? – DD. Apr 10 '12 at 23:18
  • So your code has zero bugs and zero vulnerabilities? – EEAA Apr 10 '12 at 23:21
  • I'm extremely confident about the Java apps...they don't write to the filesystem or do anything I can imagine would harm the system. I don't even see what difference it would make if I ran the Java apps as root or as a normal user. – DD. Apr 10 '12 at 23:22
  • Key words there are "I can imagine". Honestly, just don't do it. Read @WesleyDavid's answer below, as well as the dupe QA I linked. – EEAA Apr 10 '12 at 23:25
  • Not using any application servers...buffer overflow in Java? – DD. Apr 10 '12 at 23:25
  • It's been known to happen; even if you trust your code, there could always be an undiscovered bug in the JRE. Or in the system's standard libraries, upon which the JRE depends. Or even in the kernel (there have been some fun ones in Linux). – geekosaur Apr 10 '12 at 23:26
  • I guess my point is I have limited Linux experience so it seems like an overhead to do the extra user admin and not just use root in the extremely unlikely case that a bug blows up my server. Even if my server did go down due to a bug...I would reinstall within a few hours and it's not mission critical. – DD. Apr 10 '12 at 23:32
  • "I guess my point is I have limited linux experience" <---- and that is *precisely* why you *should not* be running everything as root. – EEAA Apr 10 '12 at 23:34
  • The other issue you're not considering, by the way, is the amount of damage your server could be used to cause to others (which could well come back to haunt you in the form of legal liability or datacenter charges, among other ways; consider in particular your data center's terms of service). It's much lower if `root` isn't involved. – geekosaur Apr 10 '12 at 23:35
  • You cannot realistically have confidence in any code you write if that code relies on other code which you did not write and have absolutely no control over. Extreme confidence is one of the most under-rated security risks. – John Gardeniers Apr 10 '12 at 23:58
  • Extra user admin? A few minutes (if that) of commands, done once. – ceejayoz Apr 11 '12 at 03:10

1 Answer

Your precautions have mitigated a large percentage of the threats that feast on low-hanging fruit. I commend you for that.

Three broad categories of threats remain:

1. You.

You are your own worst enemy. I am mine. Running everything as root means that you are always one swift keystroke away from doom and lamentation. Even if you know your apps, there are always bugs and squirrely things waiting to be found that you didn't know about. If they are found with root, then weep and howl for your miseries which are coming upon you.

2. Others.

Even if you've mitigated the large percentage of threats that exist in the wild, there are always vulnerabilities that you hadn't thought of or didn't know about. Sure your firewall, VPN and etc. and etc. are safe, but really... maybe your switches aren't or your update server or your... you get the idea. If things are nicely segregated, then you can sleep that little bit better at night knowing that even if there's something that you didn't know about (and there is) at least you've put a few more hurdles in the path to total destruction.

3. Resource Depletion

Running a process as root means it has unfettered access to your server's resources and has the potential to bring it to its knees. Whether that's through a memory leak, maxing out inodes or a few other possibilities - it's all bad and can more easily be mitigated by running it as a non-root user.

Wesley
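As an added example (not code from the question, the answer or any of the commenters), here is roughly what the "few minutes of commands, done once" from the comments looks like on a Linux host that uses systemd: a dedicated system account with no login shell, root-owned read-only code, and a unit file that drops privileges, blocks re-escalation, and caps memory, task count and open files, which also covers the answer's third point about resource depletion. The user name `myapp`, the jar path `/opt/myapp/myapp.jar`, the `/usr/sbin/nologin` path and the limit values are assumptions for illustration; the real deployment would substitute its own.

```shell
#!/bin/sh
# Added example, not code from the original page. Runs a self-written Java app
# as a dedicated unprivileged user instead of root, with resource ceilings.
# Assumptions (hypothetical): Linux with systemd, jar at /opt/myapp/myapp.jar,
# service user "myapp", nologin shell at /usr/sbin/nologin (path varies by distro).
set -eu

APP_USER="${APP_USER:-myapp}"
APP_DIR="${APP_DIR:-/opt/myapp}"
APP_JAR="${APP_JAR:-$APP_DIR/myapp.jar}"

# Create a locked-down system account: no password, no login shell, no home.
# Code lives in a root-owned directory the service user can read but not
# write, so a compromised process cannot replace its own jar.
create_app_user() {
    if ! id "$APP_USER" >/dev/null 2>&1; then
        useradd --system --no-create-home --shell /usr/sbin/nologin "$APP_USER"
    fi
    install -d -o root -g root -m 0755 "$APP_DIR"
    # The only place the app may write: its own state directory.
    install -d -o "$APP_USER" -g "$APP_USER" -m 0750 "/var/lib/$APP_USER"
}

# Write a systemd unit to $1 that runs jar $3 as user $2 with privileges
# dropped and resource limits applied. Pure file generation, so it can be
# exercised without root.
render_unit() {
    unit_path="$1"; svc_user="$2"; jar="$3"
    cat >"$unit_path" <<EOF
[Unit]
Description=$svc_user (unprivileged Java service)
After=network.target

[Service]
User=$svc_user
Group=$svc_user
WorkingDirectory=/var/lib/$svc_user
ExecStart=/usr/bin/java -Xmx512m -jar $jar
# An exploited JVM cannot use setuid binaries to climb back to root
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/lib/$svc_user
# Ceilings for the "resource depletion" case: a leak or a descriptor storm
# is stopped at the cgroup boundary instead of taking the whole box down
MemoryMax=768M
TasksMax=256
LimitNOFILE=4096
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
}

# Guard against regressions: returns 0 only if the unit names a non-root user.
unit_runs_unprivileged() {
    user=$(sed -n 's/^User=//p' "$1" | head -n 1)
    case "$user" in
        ""|root|0) return 1 ;;
        *)         return 0 ;;
    esac
}

# "sh thisfile.sh install" performs the one-time setup (as root, once);
# with no argument the file only defines the functions above.
case "${1:-}" in
    install)
        [ "$(id -u)" -eq 0 ] || { echo "run the install step as root, once" >&2; exit 1; }
        create_app_user
        render_unit "/etc/systemd/system/$APP_USER.service" "$APP_USER" "$APP_JAR"
        unit_runs_unprivileged "/etc/systemd/system/$APP_USER.service"
        systemctl daemon-reload
        systemctl enable --now "$APP_USER.service"
        ;;
esac
```

After `install`, `systemctl status myapp` should show the java process owned by `myapp`, and `ProtectSystem=strict` plus `ReadWritePaths=` means the app can write to `/var/lib/myapp` and nowhere else; if the app genuinely never writes to the filesystem, as the question states, it will never notice. The `unit_runs_unprivileged` check exists so that a later edit cannot quietly put `User=root` back.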