Improve security by running as non-root

n7tae / QnetGateway

A DStar IRCDDB client gateway that supports MMDVMHost, the DVAP Dongle, DVRPTR V1, Icom Terminal and Access Point Mode and MMDVM modems (w/o MMDVMHost). Easy (and fast) to compile and install on Debian-based OS (like Raspbian). Now with IPv4/6 dual-stack support.

GNU General Public License v2.0

24 stars 7 forks source link

Improve security by running as non-root #11

Closed K2IE closed 5 years ago

K2IE commented 5 years ago

There does not seem to be a need to run as root, so I created a system user called sgs with no login shell and no home directory.

useradd -d /tmp -M -s /sbin/nologin -r sgs

sgs.cfg needs to be copied to /usr/local/etc when running as non root so that it can be read by user sgs.

Not sure if /tmp is needed as homedir or if it can even be /dev/null if nothing is to be written.

K2IE commented 5 years ago

This was meant for the sgs project, issue re-entered over there. Although, perhaps the gateway could also benefit.