The Linux user running Bitcoin Core should not have sudo permissions #10
Labels
Milestone
Comments
epiccurious
added
EASY
|
Updating this issue to HARD since it involves researching best security practices for Linux services. |
epiccurious
added
HARD
|
|
This was referenced Dec 17, 2023
sudo adduser --disabled-password --gecos "" bitcoin
sudo usermod -aG bitcoin $USER
sudo cp bitcoin/bin/* /usr/local/bin/
xhost +si:localuser:bitcoin
https://www.tecmint.com/switch-user-account-without-password/
sudo vi /etc/pam.d/su
# This allows root to su without passwords (normal operation)
auth sufficient pam_rootok.so
# Allow users in group bitcoin to su to bitcon account without password
auth [success=ignore default=1] pam_succeed_if.so user = bitcoin
auth sufficient pam_succeed_if.so use_uid user ingroup bitcoin
Exec=/bin/bash -c 'su bitcoin -c "bitcoin-qt %u"'
mkdir .bitcoin
chown bitcoin .bitcoin/
chmod 750 .bitcoin/ |
epiccurious
modified the milestones:
Minimum Viable Product,
Phase I: Security & Stability
|
Moving to Phase I milestone |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We are currently launching bitcoin-qt as an administrator with super user permissions.
Need to create a separate user like "bitcoin" that has restricted permissions.
Also lock down what ports that user can communicate on.
Determine which parts of this guide video are relevant for all general use cases and if we want to use the admin to control services to control the users that control the binaries: https://m.youtube.com/watch?v=_Hrnls92TxQ
The text was updated successfully, but these errors were encountered: