Veserv 3 days ago
No, you should run every program with only the privileges it needs. The very concept of running your programs with all your privileges as a user by default is wrong-headed to begin with. To strain the "user" model you should have a distinct "user" for every single program which has only the resources and privileges needed by/allocated to that program. The actual user can allocate their resources to these "users" as needed. This is a fairly primitive version of the idea due to having to torture fundamentally incompatible insecure building blocks to fit, but points in the direction of the correct idea.
cipherself 3 days ago | parent
I have used systemd services before to do this to run an application. I had a user created specifically for the application, and I defined the capabilities the application needed via CapabilityBoundingSet and AmbientCapabilities [0], and I used a lot of stuff from [1] to restrict the application, e.g. the sandboxing facilities, restricting the allowed syscalls [2], etc. systemd also comes with a useful command, systemd-analyze security [3].

[0] https://www.freedesktop.org/software/systemd/man/latest/syst...
[1] https://www.freedesktop.org/software/systemd/man/latest/syst...
[2] https://www.freedesktop.org/software/systemd/man/latest/syst...
[3] https://www.freedesktop.org/software/systemd/man/latest/syst...