
Excessive root usage in Debian



Today as I watched update-menus eat up over 200 megs of RAM in the 11
seconds before I could kill it, it occurred to me: why should this have
to run as root?  I'd rather have it run as some other user, subject to 
resource limits.

We constantly preach at our users (rightly so!) that they should avoid 
root whenever possible.  Yet we violate this principle ourselves.  Not 
only that, but we force them to violate it sometimes.

We should not have configuration programs like this requiring root.
They should instead work with files owned by a user or group that they 
can run under. The same goes for scripts in many other things.
There's no logical reason that they need root privs and it only serves 
to increase the chances of a security breach.

We run all sorts of things as root that really shouldn't.  We run
sendmailconfig, a big shell script that invokes m4, makemap, and
various other programs as root.  Few of the things that script does
should be run as root.  There's no sane reason to run m4 as root.
Nobody has even audited these things for security for running as
root!

Along the same lines, we ought to have special accounts for
subsystems.  We already have some of this.  There's www-data, daemon,
mail, dialin, lp, news, uucp, etc.  I am *NOT* suggesting special
accounts for each program or daemon, merely ones for systems.  How
about an X account so that managing these files can be delegated to
someone?

I have 27 /usr/sbin/*config files.  Not a one runs as anything other
than root.  Few really need to run as root.
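The wrapper pattern the mail argues for, as an added example that is not part of the original post or of any Debian package: the privileged entry point only delegates, the actual configuration work runs under a dedicated system account with resource limits, and a preflight check confirms that account already owns what it needs to write so root is never required for the write itself. The account name "menuconf", the output directory, and the generator command "regenerate_menus" are all hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not code from the original mail or from Debian).
# Assumptions: a hypothetical system user "menuconf" owns the generated
# files; the hypothetical command "regenerate_menus" does the real work.

# Run a command inside a subshell with caps on address space (KiB) and CPU
# seconds, so a runaway generator is killed by the kernel, not by an admin
# watching top(1).  Lowering limits never needs privilege.
run_limited() {
    mem_kb=$1; cpu_s=$2; shift 2
    ( ulimit -v "$mem_kb" -t "$cpu_s" && exec "$@" )
}

# Return 0 when the current user can already write every path given.
# If this succeeds, the job does not need root for its output files.
can_write_all() {
    for p in "$@"; do
        [ -w "$p" ] || return 1
    done
    return 0
}

# If invoked as root, hand the job to the service account instead of doing
# it as uid 0; if already unprivileged, just run it.
run_as_service_user() {
    user=$1; shift
    if [ "$(id -u)" -eq 0 ]; then
        # runuser(1) ships with util-linux; it does not consult PAM auth.
        runuser -u "$user" -- "$@"
    else
        "$@"
    fi
}

# Tie the pieces together: delegate if root, otherwise verify the output
# directory is ours and run the generator under limits (256 MiB, 30 s).
regenerate_under_account() {
    user=$1; outdir=$2; shift 2
    if [ "$(id -u)" -eq 0 ]; then
        run_as_service_user "$user" "$0" "$@"   # re-enter unprivileged
        return
    fi
    if ! can_write_all "$outdir"; then
        echo "refusing: $outdir not writable by $(id -un)" >&2
        return 1
    fi
    run_limited 262144 30 "$@"
}

# Hypothetical usage from a maintainer script or /usr/sbin/*config:
#   regenerate_under_account menuconf /var/lib/menuconf regenerate_menus
```

The ownership check is the key design choice: instead of asking "is this root?", the script asks "does the account it runs as own the files it needs?", which is exactly the condition that makes root unnecessary. The limits are applied in a subshell so they scope to the single generator process and cannot leak into the caller's session.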
