# Daemon process and users?

## unnamedplayer

I've been using linux on and off for a few years now, but I've decided to finally get rid of windows completely after reading the convincing introduction in "the linux command line"  :Wink: .

Now I'm trying to set up a little server at home and I was wondering:

I suppose it's not a good idea to run a service (e.g. svn/lampserver/.. ) as root since if there's any vulnerabilities in there they might get access to my system.

But it seems most services are launched at startup as root? I've been googling this a bit and I've seen people starting up their services with scripts changing the user in the startup script. 

Is this the only way (or standard way) to do this?

Besides that, I was also wondering if there's any conventions in a linux system for directories used by applications?

I'm trying to install samba aswel, but I'm not sure where to create the shared folders.  Same for folders for other applications like utorrentserver etc.

Thanks

----------

## eccerr0r

A lot of applications know how to switch from root to another user (like Apache, Samba, etc.).  Those that don't, you could use su to run the application as another user - if they support running as a non-root user.  Keep in mind that the "well known" "reserved" ports from 1-1023 or so require root by the kernel to listen to.

Unfortunately for Linux, file locations are not standardized - each distribution has their own place to put files.  There has been an attempt to standardize between Linux but it's hard to do with different Linux using different boot mechanisms.  This also applies for other Un*xes, all are different...

----------

## PaulBredbury

 *unnamedplayer wrote:*   

> I suppose it's not a good idea to run a service (e.g. svn/lampserver/.. ) as root

 

Depends how the service is designed. The 2 good methods are:

The app starts as root, does some setup as root, then drops to a less-privileged user.

The startup script runs the service as a less-privileged user, e.g.:  su ddclient -c "nice /usr/sbin/ddclient $ARGS"

In addition, I restrict services using AppArmor.

 *unnamedplayer wrote:*   

> conventions in a linux system for directories used by applications?

 

The FHS, although it's a loose standard.

----------

## unnamedplayer

Thanks for the info, and thanks for the FHS urls, it was an excellent read.  Going to bookmark it for future references  :Wink: 

----------

