On system startup I need to launch a process which requires credentials for other services (database etc.) to interact. I obviously don't want to store those on disk for security reasons.

I'm trying to think of a way to provide those credentials to the process on launch - and on launch only. After that they should be only available to the process.

Is this possible somehow? The bottom line is to make it as hard as possible for an intruder to get to those credentials.

1 Answer

Is this possible somehow? The bottom line is to make it as hard as possible for an intruder to get to those credentials.

Place the password in a file that only the process's user can access. If it starts as root, make it owned and readable by root only. If it starts as apache, then apache.

If it starts as a shared user like nobody (or even apache, if the webserver doesn't run scripts as the user who owns them) then you are stuck. There is no foolproof way of making it only readable by one process at one specific machine state (e.g. after a reboot).

Ideally, your process will start as root where you can read the config, then switch to an unprivileged user. This also depends on what level of access your users have: if they can sudo, you can forget everything. They can just strace the processes, dump the memory, or sniff the network to see the credentials.

Jay
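
The pattern the answer describes (read a root-only file while still root, then switch to an unprivileged user), sketched as an added example that is not part of the original answer. The path `/etc/myservice/db.secret` and the account name `myservice` are hypothetical.

```python
import os
import pwd
import stat


def read_secret(path, owner_uid=0):
    """Read a credentials file, refusing it unless it is a regular file
    owned by owner_uid with no group/other permission bits set."""
    # O_NOFOLLOW: do not follow a symlink planted at the final path component.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)  # check the opened file itself, not the path (no race)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != owner_uid:
            raise PermissionError(f"{path}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path}: open to group/other")
        with os.fdopen(fd, "rb") as f:
            fd = None  # the file object now owns the descriptor
            return f.read().strip()
    finally:
        if fd is not None:
            os.close(fd)


def drop_privileges(username):
    """Permanently switch from root to an unprivileged account."""
    pw = pwd.getpwnam(username)
    os.setgroups([])        # drop supplementary groups first, while still root
    os.setgid(pw.pw_gid)    # group before user: setgid fails once uid != 0
    os.setuid(pw.pw_uid)    # as root this sets real, effective and saved uid
    try:
        os.setuid(0)        # must fail now, otherwise the drop was not permanent
    except PermissionError:
        return
    raise RuntimeError("privileges were not dropped")


def main():
    # Hypothetical path and account name, chosen for this example.
    secret = read_secret("/etc/myservice/db.secret", owner_uid=0)
    drop_privileges("myservice")
    # From here the file is unreadable to this process; use `secret` from memory.
    return len(secret)


if __name__ == "__main__":
    main()
```

As the answer notes, this only protects the file: anyone who can become root or trace the process can still recover the credentials from memory.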