Type of user for NodeBB installation?
-
@aleksei I personally wouldn't do this. By running as root you are essentially providing full access to your system. It would only take a malicious payload to be injected via a user post and that malicious code immediately has root.
Create another user with less rights and run NodeBB under that.
-
@aleksei said in Type of user for NodeBB installation?:
@dunlix thanks for the reply.
And from the security perspective, is it OK to use root user to install NodeBB, then run./nodebb startand forget about it? (if I'm the only one, who administrates the server)I think not. Go ahead and install as root if you must for convenience. Or if you already forged ahead and are now here... But then do also create a dedicated user, e.g. "nodebb" to actually run the app as.
You'll of course need to chown the nodebb install directory so.. might as well just create that dedicated nodebb user in the first place and...
Meanwhile... somebody compromises something nodebb app side whilst it is running as root means that process also has root privileges. Does that give you a warm fuzzy feeling?
-
Do not use root or a user with elevated privileges to install or run NodeBB. It places your system under unnecessary risk.
chown doesn't have codes, you're thinking of chmod.
-
@aleksei Presuming a dedicated nodebb user and nodebb group exist:
% chown -R nodebb:nodebb /some/nodebb/install/directory/ % chmod -R 755 /some/nodebb/install/directory/I favor /opt/nodebb. Most others likely use a subdir in their nodebb home dir.
Have fun! o/
-
@aleksei said in Type of user for NodeBB installation?:
As I understood this user doesn't have to have sudo rights to install the forum?
Correct.
-
@aleksei the user wouldn't have sudo rights, but you don't need sudo rights to install the forum.
