On 14 July 2009, at 18.25, Dustin wrote:
Oh, one more thing: please don't run memcached (or anything else where it isn't absolutely necessary) as root. This is very dangerous. That's why memcached refuses to do it unless you want to forcefully tell it that it's wrong and that you know what you're doing and to hell with security issues. We do, of course, work hard to write clean, secure code, but bugs are possible, and security is best served in layers -- each of which does the most it can to reduce attack vectors. I won't go as far as to say it's *always* wrong to run memcached as root, but feel free to take that out of context and pretend like I did.
Personally I also prefer to drop the root privileges _before_ I start the program unless the program really needs any privileges. The main purpose for doing so is that then I'm 100% sure that no matter how buggy the software is, it cannot get a root exploit.
Back to memcached: if you run memcached on (Open)Solaris, it will drop privileges during startup.
Cheers, Trond
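
The startup behaviour discussed in this thread (refuse to run as root unless told which user to become, then drop privileges before doing any work) as an added C example. It is not memcached's code and not from either poster; `startup_policy`, `drop_privileges` and the single command-line argument are hypothetical names.

```c
/* Added example, not memcached's code; all names here are hypothetical. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

enum start_action { START_AS_IS, START_REFUSE, START_DROP };

/* Decide what to do at startup: a non-root process has nothing to drop,
 * root without a target user is refused, root with one must drop first. */
enum start_action startup_policy(uid_t uid, uid_t euid, const char *user)
{
    if (uid != 0 && euid != 0)
        return START_AS_IS;
    if (user == NULL || user[0] == '\0')
        return START_REFUSE;
    return START_DROP;
}

/* Permanently become `user`. Order matters: supplementary groups and gid
 * must change while we are still root, uid goes last. Returns 0 on success. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;                          /* unknown user, or still root */
    if (setgroups(1, &pw->pw_gid) != 0)     /* shed root's extra groups */
        return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    if (setuid(0) == 0 || geteuid() == 0)   /* regaining root must fail */
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : NULL;   /* hypothetical CLI */
    enum start_action act = startup_policy(getuid(), geteuid(), user);
    if (act == START_REFUSE || (act == START_DROP && drop_privileges(user) != 0)) {
        fprintf(stderr, "refusing to start: still root\n");
        return 1;
    }
    printf("running as uid %d\n", (int)getuid());
    return 0;
}
```

Checking every return value and then confirming that `setuid(0)` fails is what makes the drop trustworthy: a silently failed `setuid` leaves the process running as root.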
