[arm-allstar] General Observation
Doug Crompton
wa3dsp at gmail.com
Tue May 16 23:44:04 EST 2017
I totally concur with Tony's response. Allstar is run as root and there is
no reason to do otherwise. It is only a security issue if you, the user,
screws something up. This rarely happens but lets face it if it does it is
not a catastrophic loss. Burn another card and set it up again or make a
backup SD card to begin with and just pop it in. If you run it behind a
router, use a secure password and don't open any ports other than iax you
really have a secure system. If you run it directly on the Internet without
the advantage of router firewall there is a firewall that can be activated
within Allstar itself - see /usr/local/etc/allstar.env - however if you are
using a router there is no reason to use the firewall in Allstar. This
would be the case for most users.
*73 Doug*
*WA3DSP*
*http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
On Wed, May 17, 2017 at 12:13 AM, "Tony Ross via arm-allstar" <
arm-allstar at hamvoip.org> wrote:
> On 05/16/2017 08:43 PM, "Nathaniel Biser via arm-allstar" wrote:
>
>> The one consistency that I have read and heard about Linux is that you
>> shouldn't run as root on a regular basis. The specific reasons escape me
>> at the moment but I'm gonna go out on the limb and hypothesize that it's
>> because if your system was compromised, and you are running as root, it
>> would be much more detrimental then if you were running as a user.
>>
>> I am curious as to why is the Allstar software page defaults to running as
>> root upon installation. Like I said, I am only a student in all of this
>> but I would like to hear the pros and cons of doing so.
>>
>
> It seems to me that an allstar radio-capable node is run from the radio
> more than the desktop. The only reason for any login would be for system
> maintenance or modification which requires root privilege anyway, even if
> only a simple bash shell "tail -f /var/log/asterisk/ messages", but the
> provided lsnodes_web is even better. The "tail -f ..." does provide better
> diagnostic indications of errors as they happen though.
>
> The main reason why one shouldn't be casual about a root login is that
> simple mistakes can be catastrophic system-wide, so do what needs to be
> done and exit. The menu-driven login does the job while protecting the
> system from the inadvertent typographical errors which we all can make.
> _______________________________________________
>
> arm-allstar mailing list
> arm-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>
>
More information about the arm-allstar
mailing list