Bitcoin Forum
May 05, 2024, 11:38:01 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Security advantage to run Bitcoin daemon as something else other than root
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Security advantage to run Bitcoin daemon as something else other than root  (Read 1680 times)
Chick (OP)
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
July 02, 2011, 09:48:58 PM
 #1
I'm setting up an sever dedicated for the Bitcoin daemon to start storing my Bitcoins. I just wanted to know if there were any security advantages to run the daemon as another user other than root. Since the daemon will be the only thing running on the system, I don't see why not?

The only way anybody will be connecting to the server is via an internal IP through json-rpc api calls.

Thanks
https://i.imgur.com/BkDbw.png
1714952281
Hero Member
*
Offline Offline

Posts: 1714952281

View Profile Personal Message (Offline)

Ignore
1714952281
1714952281
Reply with quote  #2
1714952281
Report to moderator
"There should not be any signed int. If you've found a signed int somewhere, please tell me (within the next 25 years please) and I'll change it to unsigned int." -- Satoshi
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1714952281
Hero Member
*
Offline Offline

Posts: 1714952281

View Profile Personal Message (Offline)

Ignore
1714952281
1714952281
Reply with quote  #2
1714952281
Report to moderator
kokjo
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000

You are WRONG!


View Profile
July 02, 2011, 09:55:31 PM
 #2
the light over this:
root is a administrative user, and should not be used, unless the powers of being root is necessary.

it is really very simple to make another user:
Code:
adduser <username>

but in this case a cant see why you cant use root. but don't do it anyway
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
qwk
Donator
Legendary
*
Offline Offline

Activity: 3542
Merit: 3411


Shitcoin Minimalist


View Profile
July 02, 2011, 10:02:32 PM
 #3
Quote from: Chick on July 02, 2011, 09:48:58 PM
I just wanted to know if there were any security advantages to run the daemon as another user other than root. Since the daemon will be the only thing running on the system, I don't see why not?

Return question: where is the advantage in running it as root? I don't see why?

Generally, it is always a good idea to run services with the minimal privileges required. Just good, common practice.
Yeah, well, I'm gonna go build my own blockchain. With blackjack and hookers! In fact forget the blockchain.
Chick (OP)
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
July 02, 2011, 10:03:05 PM
 #4
Quote from: kokjo on July 02, 2011, 09:55:31 PM
the light over this:
root is a administrative user, and should not be used, unless the powers of being root is necessary.

it is really very simple to make another user:
Code:
adduser <username>

but in this case a cant see why you cant use root. but don't do it anyway

I'm not talking about the simplicity of creating another user on the system. I just don't see a reason not to host the daemon on root because I don't see any reason to do so.

But I don't believe the Bitcoin daemon needs any administrative powers, so I'll go ahead and make an account for it.

Thanks
https://i.imgur.com/BkDbw.png
JoelKatz
Legendary
*
Offline Offline

Activity: 1596
Merit: 1012


Democracy is vulnerable to a 51% attack.


View Profile WWW
July 02, 2011, 10:34:29 PM
 #5
Quote from: Chick on July 02, 2011, 10:03:05 PM
I'm not talking about the simplicity of creating another user on the system. I just don't see a reason not to host the daemon on root because I don't see any reason to do so.
If the daemon runs as root, someone who compromises the daemon can also load a kernel module to hide his tracks, modify system log files, and so on. I admit, it's a small issue, since if he can steal your wallet, the rest doesn't much matter.
I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
Pages: [1]
  Print  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Security advantage to run Bitcoin daemon as something else other than root
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!