OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: cobradevil on February 14, 2017, 01:09:54 pm

Title: Are root privileges needed for running processes like ntp openvpn lighttpd
Post by: cobradevil on February 14, 2017, 01:09:54 pm
Hello all,

I have a question about why there are multiple services running as root, such as:
ntp openvpn lighttpd

My background is more in the Linux corner, which runs most processes as a non-privileged user, but maybe there is a good reason I do not know about.
Title: Re: Are root privileges needed for running processes like ntp openvpn lighttpd
Post by: fabian on February 14, 2017, 01:33:33 pm
All of them need to be started as root as they need to bind a well-known port (< 1024).

After that, they may be able to drop privileges. OpenVPN still needs to be able to change the network configuration, and ntp needs to set the time.
Linux has capabilities; I am not aware that they exist on FreeBSD as well. I cannot answer why lighttpd is running as root, because the changes are done by PHP.
Title: Re: Are root privileges needed for running processes like ntp openvpn lighttpd
Post by: bartjsmit on February 14, 2017, 02:31:14 pm
Privilege separation is on the OPNsense roadmap: https://opnsense.org/about/road-map/

Bart...
Title: Re: Are root privileges needed for running processes like ntp openvpn lighttpd
Post by: cobradevil on February 14, 2017, 02:56:31 pm
OK, thanks for clarifying.
I will monitor the roadmap more closely.

Best regards,
William