What are the pros and cons of running thousands of UFs as root

danielbb
Motivator

We have thousands of UFs running as Unix root, and we are discussing whether to keep it like that or run the UFs as a distinct user.

Therefore my question is - what are the pros and cons of running thousands of UFs as root?

PavelP
Motivator

In most cases there is no need to run the UF as the root user. The most common excuses:

  • permissions to access root-only files - can be relaxed using chmod, chown, Unix groups, chattr, setcap, etc.
  • permissions to open ports below 1024 - can be fixed with iptables, or by dropping permissions after start
  • SELinux/AppArmor - can be adjusted

The most severe disadvantage is the security risk, because of:

  • increased attack surface
  • any/most security restrictions (file permissions, even SELinux, etc.) can be disabled or bypassed
  • etc.
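
An added example, not part of the answer above and not Splunk code: before moving a UF off root, this static check reports which monitored files a non-root account could not read and which path component blocks it, so the chmod/chown/group fix can be aimed at that component. It assumes the inputs are `[monitor://<path>]` stanzas in inputs.conf text; the function names and the uid/gid 4242 are hypothetical.

```python
import os
import re
import stat

MONITOR_RE = re.compile(r"^\[monitor://(.+?)\]\s*$", re.MULTILINE)

def monitored_paths(conf_text):
    """Paths named in [monitor://<path>] stanzas of inputs.conf text."""
    return MONITOR_RE.findall(conf_text)

def mode_allows(st, uid, gids, want):
    """Unix mode check: only one class (owner, group, other) applies."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return ((st.st_mode >> shift) & want) == want

def first_blocker(path, uid, gids):
    """Return (component, reason) that stops uid/gids reading path, else None.
    Mode bits only; ACLs, capabilities and SELinux/AppArmor are not evaluated."""
    path = os.path.abspath(path)
    ancestors, cur = [], os.path.dirname(path)
    while cur not in ancestors:
        ancestors.append(cur)
        cur = os.path.dirname(cur)
    for d in reversed(ancestors):            # walk from / down to the parent
        if not mode_allows(os.stat(d), uid, gids, 0o1):
            return (d, "no search (x) permission")
    st = os.stat(path)
    want = 0o5 if stat.S_ISDIR(st.st_mode) else 0o4
    if not mode_allows(st, uid, gids, want):
        return (path, "no read permission")
    return None

def audit(conf_text, uid, gids):
    """Map each monitored path to its blocker for the given account."""
    findings = {}
    for p in monitored_paths(conf_text):
        try:
            blocker = first_blocker(p, uid, gids)
        except OSError as exc:               # missing file, wildcard path, ...
            blocker = (p, "cannot stat: " + str(exc.strerror))
        if blocker:
            findings[p] = blocker
    return findings

if __name__ == "__main__":
    # Constructed sample config; uid 4242 / gid 4242 are a hypothetical UF account.
    SAMPLE = "[monitor:///var/log/syslog]\nindex = os\n\n[monitor:///etc/shadow]\n"
    for path, (where, why) in audit(SAMPLE, 4242, {4242}).items():
        print(f"{path}: blocked at {where} ({why})")
```

A path that comes back clean here can still be denied by an ACL or a MAC policy, so confirm the result by reading the file as the target account.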