Forum: Cfengine Help
Subject: Re: Running cf-serverd as non-root
Author: berntjernberg
Link to topic: https://cfengine.com/forum/read.php?3,21136,21151#msg-21151

Hi,

> Are you proposing that the agent with root privilege should fetch files from 
> the server running as non-root?

Yes. 

> I appreciate the effort to run at least privilege, but are there any clear
> risks that justify this extra effort?

If you compare two solutions, one running cf-serverd as root and another as
non-root, the non-root one is more secure regardless of how small the risk is.
It doesn't matter if you have firewalls and other security solutions; you
always benefit from the least privilege model. Keeping the number of processes
that run as root and listen on the net to an absolute minimum is cheaper long
term. The other way around, you have a lot of "low risk" solutions lurking
around in your environment, and when you get hacked all those solutions
combined will give you a migraine headache. You will have to work 24x7 with
damage control, forensics and what not to stay afloat. This scenario is not
cheap. Trust me, I've been there.

To make sure I never end up in that situation again, I always work according to
the least privilege model. It gives you very sharp lines between
responsibilities. In our organization the database and the
application/integration teams do not have access to root; only we in the
os-team have that.
