DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 15th January 2011
unixjingleman unixjingleman is offline
Fdisk Soldier
 
Join Date: Jan 2011
Posts: 70
Default normal user for dedicated firewall?

Hi there
Just a very basic question. I've read many arguments against having a regular user(s) for server systems. Most of the arguments against having a regular user are related to not having regular users for servers. The afterboot(8) manpage says that one should create a regular user. I just wanted to know your opinion about whether to have a regular user for a dedicated firewall system. I don't need to log in remotely. Sorry about posting such a trivial question. It's just that i couldn't find anything about this when i googled it.
btw i'm extremely happy with my new OpenBSD4.8 system. I've just brought my system up to date with the latest stable version. Works like a charm.
Thank you for your time and any replies.
Reply With Quote
  #2   (View Single Post)  
Old 15th January 2011
unixjingleman unixjingleman is offline
Fdisk Soldier
 
Join Date: Jan 2011
Posts: 70
Default

I'm guessing that no you should not have a regular user on a dedicated firewall.
Reply With Quote
  #3   (View Single Post)  
Old 15th January 2011
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by unixjingleman View Post
Most of the arguments against having a regular user are related to not having regular users for servers.
I disagree with the argument.

Special-purposed systems aside, systems still need to be administered, & doing so in a responsible strategic manner may save one from making a mistake catastropic which otherwise might have been contained or perhaps prevented by working from a user account.

Working from a user account is considered a best practice. It forces one to better understand interconnections, & how to work within restrictions. Administrating from the root account provides less barriers, & people become sloppy because confinements aren't there. Working as root doesn't push one to learn & understand Unix as much as if a user account is consistently used.

Mistakes happen. The goal of proficient & effective administration is to have practices in place which minimize unwanted results which frequently are downtime & data loss. Running as root provides no protection, so the math appears pretty clear -- especially for special purposed systems such as firewalls which aren't performing their role if they are down or out-of-date.

Become friends with sudo(8). Learn what is needed to keep systems current. Chicks are attracted to those that use sudo(8) to keep their systems current.
Reply With Quote
  #4   (View Single Post)  
Old 20th January 2011
wimwauters wimwauters is offline
Port Guard
 
Join Date: Aug 2008
Posts: 36
Default

I always make extra user accounts on any server or firewall, at the very least I make an 'admin' account. There's no reason to run around will full hardware or file system power (root) when I'm only messing with pf or the samba setup.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Mounting USB as a normal user rex FreeBSD General 23 5th March 2012 01:52 PM
How to Run K3B with normal user openBSD 4.4 mfaridi OpenBSD General 6 12th November 2008 10:25 PM
Wireshark not run in normal user mfaridi FreeBSD Ports and Packages 2 7th November 2008 09:49 PM
Mounting samba share as normal user rex FreeBSD General 4 27th October 2008 05:17 PM
command launched by normal user... maurobottone OpenBSD General 4 1st June 2008 03:45 AM


All times are GMT. The time now is 01:30 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick