XRPi Home

Documentation Index
Alphabetic Index

XRPi Documentation - Configuration

Running XRPi as Root?

Running XRPi with super-user privileges is easier and more convenient than running it as an unprivileged user. But technically it is more of a security risk.

This page explores some of the pros and cons or running XRPi as a privileged user or not. It is a work in progress...

Discussion

Running As Root:

If XRPi is "run as root" (i.e. from a root account), it has full access to the file system and sensitive processes. This makes life easier if you need to tinker with the Pi's configuration via XRPi's command interface.

For example, imagine XRPi sitting on a remote hilltop as part of a Packet Radio network, but without Internet access. How would you set the time and date if it drifted? How would you make any changes to the PI's configuration, without going to site? There's no Internet connection, so you couldn't use VNC or SSH!

Answer: If you can "connect" to XRPi over the AX25 packet network, and verify yourself as a sysop, you can use the DOS and SHELL commands to do most system maintenance, even over the slowest link. If the AX25 links support TCP/IP, you might even be able to use XRPi's FTP server to upload new versions.

But if XRPi is not running as "root", you would not be able to set the time or date, and you would not have write access to an "sensitive" areas of the file system.

The downside of running as root is that, in the unlikely event that a malicious actor cracks or guesses your password, he would have full access to the machine.

This means he could delete all your stuff, or lock you out and use the machine as an attack tool.

To get this into perspective however, XRPi has clocked up several years trouble-free service running as root, un-firewalled from the Internet.

Running Unprivileged:

This is slightly less convenient, in that you have to tinker with capabilities and give some thought to what access you need to various parts of the system.

But it is more secure. If someone cracked your password, they could only trash the XRPi part of your system.

If you run unprivileged, you cannot change the date and time from the XRPi command line, and you cannot access privileged areas of the file system using FTP or the DOS emulator.

You are also prevented from creating an EXTERNAL interface or performing any TCP/IP operations involving the LAN or localhost, unless you set CAP_NET_RAW on the program, and from opening low-numbered server ports on the kernal stack unless you set CAP_NET_BIND_SERVICE (see capabilities).

Summary

Running As Root

  • Everything just works.
  • Theoretically less secure.
  • Sysop can set time and date from XRPi command line.
  • PZTDOS has full access to file system
  • FTP server has full access to file system.(for all sysops?)

Running As User

  • Theoretically more secure.
  • Can't access Ethernet/Wifi/localhost (*1)
  • Can't open server ports below 1024 on kernal stack (*2).
  • Sysop cannot set time or date from within XRPi
  • PZTDOS can't write to privileged parts of file system.
  • FTP server can't write to privileged parts of file system.

(*1) Needs CAP_NET_RAW

(*2) Needs CAP_NET_BIND_SERVICE

Caveats

You can not use "sudo" to run XRPi as root, because the session has a time limit. XRPi will run, but after a while it will stop responding to the keyboard. And it may bork if you use the "restart" command.

(It is possible to change the sudo timeout on some Linux distros)

See also

CAPS -- Capability Flags
IP-STACKS -- IP Stacks in XRPi.
TCP Ports -- TCP Server Ports.
LAN -- LAN Interfacing.