run nessus as root?
Thomas Arendsen Hein
thomas at intevation.de
Thu Jan 27 02:04:31 EST 2005
* McDermott, AS Amanda (5841) @ IS <amanda.mcdermott at L-3com.com> [20050126 20:04]:
> Other than unnecessary stress on the machine, are there other reasons I
> should not run Nessus as root? Are there times when I should?
As the other two postings said, the Nessus daemon should be run as
root. But the Nessus client (the command 'nessus') should *not* be
run as root, because it doesn't need root privileges!
You gain security if you don't run things as root, because errors in
the program (or errors in what you type) can't affect the whole
system, but only your user account.
Thomas
--
Email: thomas at intevation.de
http://intevation.de/~thomas/
More information about the Nessus
mailing list