Linux security non-modules and AppArmor
Posted Jul 2, 2007 8:07 UTC (Mon) by farnz
In reply to: Linux security non-modules and AppArmor
Parent article: Linux security non-modules and AppArmor
My Apache runs on port 80, which can only be bound by root. My SMTP server runs on port 25, which can only be bound by root (not in the list of examples, but I did rather assume that you'd apply some intelligence). My SSH daemon runs as root briefly (setting up port 22, and changing user to the user who's logging in).
Indeed, all the long-running services on my boxes must run as root for part of their lifetime, just to bind their well-known ports for listening. Mozilla and mutt obviously don't run as root at all, but they're not necessarily that interesting to confine (e.g. on a server).