-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Run hbbr and hbbs not as root #365
Comments
Good idea! |
I'm not familiar with github so I'll have to study on how to make it. |
Running as root is a horrible idea. You can easily run In this case I created a normal user: Uncompressed rustdesk archive under Which created the subdirectory amd64 from the archive as: Then created two systemd services:
Finally, if you are using Alma, Rocky or Oracle Linux (derivatives of RHEL) then you also need to give some extra permissions to SELinux, here is the SELinux module with the required permissions:
I hope this helps others get more secure and NEVER run as root !!! woot !!! |
BTW, if you run with https://rustdesk.com/docs/en/self-host/rustdesk-server-oss/install/#option-2 |
I have just installed the debian packages rustdesk-server-hbbr_1.1.10-3_amd64.deb and rustdesk-server-hbbs_1.1.10-3_amd64.deb on a Debian 11 vm.
Everything works flawlessly, but I have seen that the executables are run as the root user.
I'd like to have them run as a dedicated non privileged user instead of root.
Since the program does not make use (at least by default) of lower ports, even a normal user can run it without issues.
I have modified the systemd units to make it run with a "rustdesk" user and group I have created, I have chowned the /var/log/rustdesk and /var/lib/rustdesk directories (and their contents) and indeed the server works fine without being root.
This allows for a little better security overall in case of some RCE flaw in hbbr and hbbs.
The text was updated successfully, but these errors were encountered: