[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Excessive root usage in Debian

Today as I watched update-menus eat up over 200 megs of RAM in the 11
seconds before I could kill it, it occured to me: why should this have 
to run as root?  I'd rather have it run as some other user, subject to 
resource limits.

We constantly preach at our users (rightly so!) that they should avoid 
root whenever possible.  Yet we violate this principle ourselves.  Not 
only that, but we force them to violate it sometimes.

We should not have configuration programs like this requiring root.
They should instead work with files owned by a user or group that they 
can run under. The same goes for scripts in many other things.
There's no logical reason that they need root privs and it only serves 
to increase the chances of a security breach.

We run all sorts of things as root that really shouldn't.  We run
sendmailconfig, a big shell script that invokes m4, makemap, and
various other programs as root.  Few of the things that script does
should be run as root.  There's no sane reason to run m4 as root.
Nobody has even audited tthese things for security for running as

Along the same lines, we ought to have special accounts for
subsystems.  We already have some of this.  There's www-data, daemon,
mail, dialin, lp, news, uucp, etc.  I am *NOT* suggesting special
accounts for each program or daemon, merely ones for systems.  How
about an X account so that managing these files can be delegated to

I have 27 /usr/sbin/*config files.  Not a one runs as anything other
than root.  Few really need to runas root.

Reply to: