Are root privileges needed for running processes like ntp openvpn lighttpd

Started by cobradevil, February 14, 2017, 01:09:54 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 14, 2017, 01:09:54 PM
Hello all,

I have a question why there are multiple service running as root suchs as:
ntp openvpn lighttpd

my background is more in the linux corner which runs most processes as a non privileged user but maybe there is a good reason I do not know about.
February 14, 2017, 01:33:33 PM #1
all of them need to be started as root as they need to bind a well known port (< 1024).

after that, they may be able to drop privileges. OpenVPN still need to be able to change the network configuration and ntp setting the time.
Linux has capabilities, which I am not aware that it would exist on FreeBSD as well. I cannot answer why lighttpd is running as root, because the changes are done by PHP.
February 14, 2017, 02:31:14 PM #2
Privilege separation is on the OPNsense roadmap: https://opnsense.org/about/road-map/

Bart...
February 14, 2017, 02:56:31 PM #3
OK, thanks for clarifying.
I will monitor the roadmap more closely.

Best regards,
William
Print
Go Up Pages1
User actions