Consultor Eletrônico



Kbase P79849: Does running the AdminServer as root imply a security risk?
Author   Progress Software Corporation - Progress
Access   Public
Published   11/11/2008
Status: Verified

GOAL:

Does running the AdminServer as root imply a security risk?

GOAL:

Is it safe to start the AdminService as root?

FACT(s) (Environment):

All Supported Operating Systems
Progress/OpenEdge Product Family

FIX:

At some customer sites, the IT administrators like to restrict the use of root-owned processes. The default Progress installation requires root privileges to set everything up, and it leaves everything owned by and running as root.

Running the AdminServer as root is safe in this case, for the following reasons:

1) The AppServer authenticates to the OS accounts before any operations can be performed. This check was extended in 9.1D with a startup option that adds OS group authorisation, to ensure that general purpose accounts cannot be used to connect and execute AdminServer operations.

Please refer to the new AdminServer authorisation options introduced in 9.1D (-admingroup and -requireusername), first published in Appendix F of the "Version 9 Product Update Bulletin" and covered in the Database Administration documentation of later versions.

Please note that after installing a Service Pack, these options are removed from the registry on Windows (known issue), so the -admingroup and -requireusername parameters need to be re-entered manually:

Example:
HKLM\SOFTWARE\PSC\AdminService\9.1D\StartupCmd\Chimera

2) The unified brokers (e.g. AppServer) can be started with a command line option (-requireusername) that prevents it from starting AppServers or NameServers without an explicit account and password in the ubroker.properties file. (Note: root privileges are required to set the new process ID to something other than the ID of the AdminServer.)

3) You can choose any existing account with which to start an AppServer or NameServer, provided that you know the password to that account. We authenticate with the OS to prove you are authorised to use that account. The stored passwords are all encrypted.

4) The AdminServer doesn't give a connected client an opportunity to execute OS commands, so it is resistant to spoofing.
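
The note under item 1 says the -admingroup and -requireusername options are removed from the Windows registry after a Service Pack install. The PowerShell below is an added example (not Progress code) that checks a startup command for both options. It assumes "Chimera" is a string value under the StartupCmd key and that -admingroup is followed by a group argument; the sample command strings are constructed.

```powershell
# Added example, not Progress code. Checks an AdminServer startup command
# for the two authorisation options named in the article.
function Test-AdminServerStartupCmd {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$StartupCmd)

    # Tokenise on whitespace, keeping "quoted arguments" as one token.
    $tokens = @([regex]::Matches($StartupCmd, '"[^"]*"|\S+') |
                ForEach-Object { $_.Value.Trim('"') })
    $findings = @()

    if ($tokens -notcontains '-requireusername') {   # case-insensitive match
        $findings += '-requireusername is missing'
    }

    $idx = -1
    for ($i = 0; $i -lt $tokens.Count; $i++) {
        if ($tokens[$i] -ieq '-admingroup') { $idx = $i; break }
    }
    if ($idx -lt 0) {
        $findings += '-admingroup is missing'
    } elseif (($idx + 1) -ge $tokens.Count -or $tokens[$idx + 1].StartsWith('-')) {
        # Assumption: -admingroup must be followed by a group list.
        $findings += '-admingroup has no group argument'
    }

    [pscustomobject]@{ Compliant = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample values (not real registry contents).
$samples = [ordered]@{
    'before Service Pack' = 'java <constructed-options> -admingroup "PSCAdmins" -requireusername'
    'after Service Pack'  = 'java <constructed-options>'
}

# On a Windows host with the key from the article, audit the live value too.
# Assumption: "Chimera" is a string value under the StartupCmd key.
$key = 'HKLM:\SOFTWARE\PSC\AdminService\9.1D\StartupCmd'
if (Test-Path $key) {
    $live = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Chimera
    if ($live) { $samples['registry'] = $live }
}

foreach ($name in $samples.Keys) {
    $r = Test-AdminServerStartupCmd -StartupCmd $samples[$name]
    '{0}: compliant={1} {2}' -f $name, $r.Compliant, ($r.Findings -join '; ')
}
```

Running it after each Service Pack install shows whether the AdminServer would start without group authorisation before it is put back into service.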