Linux privileges - sudo and root
Apologies that I have not posted anything in the past couple of days, things have been quite hectic.
I have noticed that a number of people on the zencash slack and discord are running their nodes or have been advised to run their software with elevated privileges, this is not recommended.
I cannot stress this enough. Do not use
sudo to run your tracker software or your
zend daemon or any other software with elevated privileges.
"Sudo stands for either "substitute user do" or "super user do" (depending upon how you want to look at it). What sudo does is incredibly important and crucial to many Linux distributions. Effectively, sudo allows a user to run a program as another user (most often the root user)." (source: https://www.linux.com/learn/linux-101-introduction-sudo )
"Avoid running applications as root whenever possible. When an application is running as the root user that application has the ability to control your server. If an attacker gains control of that application then they can perform any task they want on your server, if you are running SELinux there is an additional security control; but even then an application that runs as root can potentially disable all of your additional security controls." (source: http://bencane.com/2012/02/20/why-you-should-avoid-running-applications-as-root/)
Applications that are run using
sudo will not only create files that will be owned by root, but will also expose the system to some serious security vulnerabilities. Take for example you install Chrome, and it had a vulnerability where it allowed a malicious script to be executed, if you are running Chrome using
sudo, that script will be able to run as root. Something you most definitely do not want!!
While there are circumstances where you need to run applications or services using
sudo, these should be limited in scope.
If you have already
git clone the tracker using
sudo, or for any other directory or file you can use the following to re-assign the permissions to the standard user (Note: Replace
username with your username):
Directory and Files
sudo chown -R username: directory
sudo chown username: directory
sudo chown username: <file>
Please ensure you do use the : after the username. This will add the default group for that user.
I hope this helps you and should you have any questions please contact me on the zencash slack/discord/irc or in the comments below.