On Linux/Unix based web servers, under which privilege should the daemon service be run?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

On Linux/Unix based web servers, under which privilege should the daemon service be run?

Explanation:
Run daemons with the least privilege necessary. On Linux/Unix systems, giving a web server full root privileges means any vulnerability could give an attacker complete control over the machine. The safer approach is to start with root only long enough to perform privileged startup tasks (like binding to port 80) and then drop privileges to a limited, non-root user (for example, www-data or apache). This confines the daemon’s capabilities and limits what an attacker could do if it’s compromised, reducing the potential damage. That’s why the best practice is to run the daemon as something other than root. Running strictly as root is risky because it provides unrestricted access. The option of using a guest account isn’t practical for a long-running service, as it still wouldn’t give the necessary capabilities and could introduce its own security issues. The idea that you cannot determine the appropriate privilege isn’t accurate; the established approach is to operate under a non-root account with careful privilege handling.

Run daemons with the least privilege necessary. On Linux/Unix systems, giving a web server full root privileges means any vulnerability could give an attacker complete control over the machine. The safer approach is to start with root only long enough to perform privileged startup tasks (like binding to port 80) and then drop privileges to a limited, non-root user (for example, www-data or apache). This confines the daemon’s capabilities and limits what an attacker could do if it’s compromised, reducing the potential damage. That’s why the best practice is to run the daemon as something other than root.

Running strictly as root is risky because it provides unrestricted access. The option of using a guest account isn’t practical for a long-running service, as it still wouldn’t give the necessary capabilities and could introduce its own security issues. The idea that you cannot determine the appropriate privilege isn’t accurate; the established approach is to operate under a non-root account with careful privilege handling.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy