OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • Are root privileges needed for running processes like ntp openvpn lighttpd
« previous next »
  • Print
Pages: [1]

Author Topic: Are root privileges needed for running processes like ntp openvpn lighttpd  (Read 2690 times)

cobradevil

  • Newbie
  • *
  • Posts: 7
  • Karma: 1
    • View Profile
Are root privileges needed for running processes like ntp openvpn lighttpd
« on: February 14, 2017, 01:09:54 pm »
Hello all,

I have a question why there are multiple service running as root suchs as:
ntp openvpn lighttpd

my background is more in the linux corner which runs most processes as a non privileged user but maybe there is a good reason I do not know about.
Logged

fabian

  • Hero Member
  • *****
  • Posts: 2768
  • Karma: 199
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: Are root privileges needed for running processes like ntp openvpn lighttpd
« Reply #1 on: February 14, 2017, 01:33:33 pm »
all of them need to be started as root as they need to bind a well known port (< 1024).

after that, they may be able to drop privileges. OpenVPN still need to be able to change the network configuration and ntp setting the time.
Linux has capabilities, which I am not aware that it would exist on FreeBSD as well. I cannot answer why lighttpd is running as root, because the changes are done by PHP.
Logged

bartjsmit

  • Hero Member
  • *****
  • Posts: 1538
  • Karma: 166
    • View Profile
Re: Are root privileges needed for running processes like ntp openvpn lighttpd
« Reply #2 on: February 14, 2017, 02:31:14 pm »
Privilege separation is on the OPNsense roadmap: https://opnsense.org/about/road-map/

Bart...
Logged

cobradevil

  • Newbie
  • *
  • Posts: 7
  • Karma: 1
    • View Profile
Re: Are root privileges needed for running processes like ntp openvpn lighttpd
« Reply #3 on: February 14, 2017, 02:56:31 pm »
OK, thanks for clarifying.
I will monitor the roadmap more closely.

Best regards,
William
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • Are root privileges needed for running processes like ntp openvpn lighttpd
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2