#1  
Old 22nd February 2007, 11:43
porjo porjo is offline
Junior Member
 
Join Date: Nov 2006
Location: Australia
Posts: 15
Thanks: 0
Thanked 2 Times in 1 Post
Exclamation running as root

Hi,

I notice that by default the ISPconfig cron jobs are installed into root's crontab. Also, there are a couple of processes spawned that run as root user e.g. ispconfig_wconf, cronolog

I'm a little nervous that this could have the potential to allow my machine to be pwn3d at some point due to some back door exploit being discovered in one of the Internet facing scripts or services.

Wouldn't it be better to have these run as a non-root user or am I just being paranoid?

Thanks,
Porjo.
Reply With Quote
Sponsored Links
  #2  
Old 22nd February 2007, 12:55
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,573
Thanks: 792
Thanked 4,980 Times in 3,901 Posts
Default

Quote:
Originally Posted by porjo
I notice that by default the ISPconfig cron jobs are installed into root's crontab. Also, there are a couple of processes spawned that run as root user e.g. ispconfig_wconf, cronolog

I'm a little nervous that this could have the potential to allow my machine to be pwn3d at some point due to some back door exploit being discovered in one of the Internet facing scripts or services.
Only the jobs are run as root that require root permissions. You cant administer a server without root priveliges. "normal" users can not add other users, restart services etc.

Quote:
Wouldn't it be better to have these run as a non-root user or am I just being paranoid?
You cant run them as other user because this wont work. Thats why ISPConfig is splitted in 2 parts, the interface that communicates with the user and runs the webserver on port 81 is run under a unpriveliged user (admispconfig) and only the scripts that absolutely need root permissions are run by root. These scripts are completely separated from the interface.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 22nd February 2007, 23:05
porjo porjo is offline
Junior Member
 
Join Date: Nov 2006
Location: Australia
Posts: 15
Thanks: 0
Thanked 2 Times in 1 Post
Default

Thanks Till for the quick reply.

I wondered if perhaps there might be a way for some malicious code to be written somewhere on the system by the admispconfig user, then later executed by the root user via one of the privileged scripts or services?
Reply With Quote
  #4  
Old 23rd February 2007, 16:09
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

I don't think so. The backend (which is run as root) doesn't take any commands from admispconfig. All admispconfig can do is write the file /home/admispconfig/ispconfig/.run which would then make the backend start and rewrite the configuration if there have been changes in the web interface. But that's the only point where the back- and the frontend are connected.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 26th February 2007, 02:27
porjo porjo is offline
Junior Member
 
Join Date: Nov 2006
Location: Australia
Posts: 15
Thanks: 0
Thanked 2 Times in 1 Post
 
Default

Quote:
Originally Posted by falko
I don't think so. The backend (which is run as root) doesn't take any commands from admispconfig. All admispconfig can do is write the file /home/admispconfig/ispconfig/.run which would then make the backend start and rewrite the configuration if there have been changes in the web interface. But that's the only point where the back- and the frontend are connected.
OK, thanks for the clarification.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
monit howto Jamesk5 HOWTO-Related Questions 11 5th August 2008 15:10
mod_proxy / rewrite rules KenKnight Server Operation 25 30th January 2007 22:21
VMWare install on Ubuntu problem with the IP velonis HOWTO-Related Questions 10 21st September 2006 14:19
Apache - Virtual hosts - ISPConfig Hans Server Operation 8 23rd April 2006 16:29
cannot connect to ispconfig guidovanh Installation/Configuration 22 3rd March 2006 19:52


All times are GMT +2. The time now is 04:17.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.