Univention Bugzilla – Bug 51238
Directory-Notifier runs as root
Last modified: 2020-05-07 08:54:57 CEST
Running network facing services needlessly as user "root" is a CWE-272 violation of the "Principle of least privilege".

# ps u $(pgrep -f /usr/sbin/univention-directory-notifier)
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      6457  0.0  0.5 144108  5984 ?        S    Mai05   0:00 /usr/sbin/univention-directory-notifier -d 1 -v 3 -F

Nevertheless the service should not run as user "root" but use a dedicated local user account.
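
The check in the report can be automated. The following is an added example, not part of the original report or of Univention's code: it parses `ps u` output and flags watched daemons that still run as root. The function names, the watch list, and the second sample row (with its account `svc-example` and binary `/usr/sbin/example-daemon`) are assumptions made for illustration.

```python
"""Flag watched daemons that run as root, from `ps u`-style output."""

# Columns of `ps u`: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
PS_U_FIELDS = 11

# Sample input: the header and the first row are the output quoted in the
# report; the second row is constructed (hypothetical account and binary).
SAMPLE = """\
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      6457  0.0  0.5 144108  5984 ?        S    Mai05   0:00 /usr/sbin/univention-directory-notifier -d 1 -v 3 -F
svc-example 6501  0.0  0.2  51200  2100 ?      S    Mai05   0:00 /usr/sbin/example-daemon --foreground
"""


def parse_ps_u(text):
    """Return one dict per process row; header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        # COMMAND is the last column and may contain spaces, so limit the
        # split. START is locale dependent ("Mai05") but is a single token.
        parts = line.split(None, PS_U_FIELDS - 1)
        if len(parts) < PS_U_FIELDS or not parts[1].isdigit():
            continue
        rows.append({"user": parts[0], "pid": int(parts[1]),
                     "tty": parts[6], "command": parts[10]})
    return rows


def root_daemons(text, watched):
    """Return (pid, executable) for watched daemons owned by root."""
    findings = []
    for row in parse_ps_u(text):
        exe = row["command"].split()[0]
        if exe.startswith("["):       # kernel thread, not a service
            continue
        is_root = row["user"] in ("root", "0")   # ps may print a numeric UID
        is_daemon = row["tty"] == "?"             # no controlling terminal
        if is_root and is_daemon and exe in watched:
            findings.append((row["pid"], exe))
    return findings


if __name__ == "__main__":
    watched = {"/usr/sbin/univention-directory-notifier",
               "/usr/sbin/example-daemon"}
    for pid, exe in root_daemons(SAMPLE, watched):
        print(f"pid {pid}: {exe} runs as root")
```
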