Tip of the day: Channel mode +f is a powerful anti-flood feature. It is also slightly complex. Enable it in your most important channels, and consider setting a default in set::modes-on-join.

Do not run as root

From UnrealIRCd documentation wiki
Jump to navigation Jump to search

As mentioned in our installation instructions you should not start or run UnrealIRCd as root. We have always highly discouraged this with startup warnings. Later version of UnrealIRCd simply refuse to start as root.

If you are not interested in the why then skip right over to #How to add a user and #Migrating from root to a normal user (if you are migrating, that is).

Why?

Because running UnrealIRCd as root is unnecessary and dangerous.

root user have elevated privileges. If a security issue in UnrealIRCd can be exploited then the attacker has full root privileges, meaning they can do anything on the machine, with unrestricted access to all files and directories.

You should run UnrealIRCd as a (limited) normal user. This way, if UnrealIRCd is compromised, the attacker will have limited access only to the resources associated with that specific user and won't have full control over the system.

Should I create an account only for UnrealIRCd?

We recommend running UnrealIRCd under a dedicated account such as unrealircd. This account should only be running UnrealIRCd and not have access to any other data files.

Perhaps you already have both root and a 'regular user account' on your system. Then we still recommend to create another (3rd) account. For example on Amazon EC2 you may have an account named ubuntu with passwordless sudo privileges, it would be unwise to run UnrealIRCd under such an account.

We recommend a dedicated account. This also means we suggest running services (such as anope) under its own account (eg: anope). This is so a security issue in anope would not compromise UnrealIRCd and vice-versa.

How to add a user

On *NIX the command is usually called adduser. 

adduser unrealircd

Or if you are not root then: 

sudo adduser unrealircd

This creates a user unrealircd with a home directory of /home/unrealircd. Later on UnrealIRCd will be installed in /home/unrealircd/unrealircd.

Log in as the user unrealircd and setup your UnrealIRCd. See the installation instructions for more information.

Migrating from root to a normal user

See previous section on how to create the user and install UnrealIRCd.

After you have installed UnrealIRCd in its new location you should copy all files from /root/unrealircd/conf/ to /home/unrealircd/unrealircd/conf/ and change ownership of the files.
Run the following as root: 

cp /root/unrealircd/conf/* /home/unrealircd/unrealircd/conf/
chown unrealircd:unrealircd /home/unrealircd/unrealircd -R

Now you are done as root. Log in as the user unrealircd again and start/stop UnrealIRCd as usual.

Don't forget to remove (or rename) your old installation in /root/unrealircd. Also remove the conjob for it if you had previously installed any.

Retrieved from "https://www.unrealircd.org/docwiki/index.php?title=Do_not_run_as_root&oldid=13927"