Hi, I notice that by default the ISPConfig cron jobs are installed into root's crontab. Also, there are a couple of processes spawned that run as the root user, e.g. ispconfig_wconf and cronolog. I'm a little nervous that this could have the potential to allow my machine to be pwn3d at some point due to some back door exploit being discovered in one of the Internet-facing scripts or services. Wouldn't it be better to have these run as a non-root user, or am I just being paranoid? Thanks, Porjo.
Only the jobs that require root permissions are run as root. You can't administer a server without root privileges: "normal" users cannot add other users, restart services, etc. You can't run them as another user because this won't work. That's why ISPConfig is split into 2 parts: the interface that communicates with the user and runs the web server on port 81 is run under an unprivileged user (admispconfig), and only the scripts that absolutely need root permissions are run by root. These scripts are completely separated from the interface.
Thanks Till for the quick reply. I wondered if perhaps there might be a way for some malicious code to be written somewhere on the system by the admispconfig user, then later executed by the root user via one of the privileged scripts or services?
I don't think so. The backend (which is run as root) doesn't take any commands from admispconfig. All admispconfig can do is write the file /home/admispconfig/ispconfig/.run, which would then make the backend start and rewrite the configuration if there have been changes in the web interface. But that's the only point where the backend and the frontend are connected.
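To make the split Till describes concrete, here is an added example of how a root-run backend can consume a flag file written by an unprivileged frontend user without ever taking input from it. This is my own illustration, not ISPConfig's code: the path /home/admispconfig/ispconfig/.run and the user name admispconfig come from the thread, but the check itself, the stand-in rebuild_configuration step, the demo function and the sample files it creates are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example, not ISPConfig's own code: a minimal model of a root-run backend
# that wakes up on a flag file written by an unprivileged frontend user.
# Assumptions (hypothetical): TRIGGER is the flag path, FRONTEND_USER its
# expected owner; the real backend's work is stood in for by
# rebuild_configuration, which here only reports that it ran.

TRIGGER=${TRIGGER:-/home/admispconfig/ispconfig/.run}
FRONTEND_USER=${FRONTEND_USER:-admispconfig}

# trigger_is_safe FILE USER
# Accept FILE only if it is a plain regular file owned by USER. The file is a
# flag: its contents are never read, parsed or executed by the privileged side.
trigger_is_safe() {
    f=$1
    owner=$2
    # Test -L before -f: -f follows symlinks, so a link named .run pointing at
    # some other file would otherwise pass as "a regular file".
    if [ -L "$f" ]; then
        return 1
    fi
    if [ ! -f "$f" ]; then
        return 1
    fi
    # -prune stops find from descending; it prints the path only if USER owns it.
    # An unknown user name makes find fail, which is also treated as a reject.
    if [ -z "$(find "$f" -prune -user "$owner" -print 2>/dev/null)" ]; then
        return 1
    fi
    return 0
}

# rebuild_configuration
# Stand-in for the privileged work. It takes no input from the flag file;
# the only thing the flag decides is whether this step runs at all.
rebuild_configuration() {
    REBUILDS=$((${REBUILDS:-0} + 1))
    echo "rebuild #$REBUILDS: regenerating configuration as $(id -un)"
}

# run_backend FILE USER
# One cron tick: consume the flag, then do the work. Returns 0 if a rebuild ran.
run_backend() {
    if trigger_is_safe "$1" "$2"; then
        # Remove the flag before working so a crash mid-rebuild cannot re-fire
        # forever. rm -f on a path never follows a symlink, so even a swap
        # between the check and the rm only deletes the link itself.
        rm -f -- "$1"
        rebuild_configuration
        return 0
    fi
    return 1
}

# demo: exercise the check against constructed inputs in a scratch directory.
# Prints one line per case and returns 0 only if every case behaves as expected.
demo() {
    d=$(mktemp -d) || return 1
    me=$(id -un)
    ok=0
    : > "$d/.run"                        # genuine flag from the frontend user
    ln -s /etc/passwd "$d/link"          # symlink masquerading as the flag
    printf 'echo pwned\n' > "$d/text"    # contents are irrelevant: never executed

    trigger_is_safe "$d/.run" "$me"      && echo "regular file, right owner: accepted" || ok=1
    trigger_is_safe "$d/link" "$me"      && ok=1 || echo "symlink: rejected"
    trigger_is_safe "$d/.run" "nobody_x" && ok=1 || echo "wrong owner: rejected"
    trigger_is_safe "$d/text" "$me"      && echo "file with shell text: treated as a flag only" || ok=1
    run_backend "$d/.run" "$me" >/dev/null && [ ! -e "$d/.run" ] && echo "flag consumed" || ok=1
    run_backend "$d/.run" "$me" >/dev/null && ok=1 || echo "second tick: nothing to do"

    rm -rf -- "$d"
    return $ok
}

# From root's crontab the tick would be: run_backend "$TRIGGER" "$FRONTEND_USER"
```

The point of the model is that the privileged side only ever asks "does a regular file owned by admispconfig exist at this path?" and never reads what is in it, which is what keeps the frontend from handing commands to root. Two details matter in any such design: refuse symlinks before testing for a regular file, because a root process following a link inside a directory owned by the unprivileged user would act on whatever the link points at; and consume the flag with a call that does not follow links. As a general caveat (not a claim about ISPConfig), the check and the rm are separate calls, so in a directory the unprivileged user can write to a race between them remains possible in principle; keeping the privileged action independent of the file's contents bounds what such a race can achieve.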