Does Zimbra needs root login enabled ?

General discussion about Zimbra Desktop.
Post Reply
gustavobap
Posts: 22
Joined: Mon Aug 17, 2015 7:34 am

Does Zimbra needs root login enabled ?

Post by gustavobap »

I have disabled the root login in my server for security reasons. Now there are some logs at /var/log/auth.log

Aug 17 09:25:01 angra CRON[29127]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 17 09:25:01 angra CRON[29127]: pam_unix(cron:session): session closed for user root
Aug 17 09:25:54 angra sudo: zimbra : TTY=unknown ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
Aug 17 09:25:54 angra sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Aug 17 09:25:54 angra sudo: pam_unix(sudo:session): session closed for user root

this is repeate every 2 minutes. Is this related to disabling the root ? 

Thank you
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Does Zimbra needs root login enabled ?

Post by phoenix »

Yes, you need it enabled.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
gustavobap
Posts: 22
Joined: Mon Aug 17, 2015 7:34 am

Does Zimbra needs root login enabled ?

Post by gustavobap »

Thanks for the response. I have diabled it because I hava accidentally set the password with sudo passwd

But I belive initally the login was already not allowed by default.

I ran the following (ubuntu server 14.04)



sudo usermod -p '!' root

sudo passwd -l root



Do you know how to enable it again without setting a password ? I didn't get how these are related because zimbra does not know the password.
gustavobap
Posts: 22
Joined: Mon Aug 17, 2015 7:34 am

Does Zimbra needs root login enabled ?

Post by gustavobap »

phoenix, are you sure zimbra needs it ? Can you point me some documentation I can't find anything on docs or google
chauvetp
Outstanding Member
Outstanding Member
Posts: 350
Joined: Fri Sep 12, 2014 11:28 pm

Does Zimbra needs root login enabled ?

Post by chauvetp »

Postfix runs as root at the very least. Root access is needed to start Zimbra since Liunx/UNIX requires low ports (below 1024) to be started by (not necessarily running as) root.



That being said, I don't think Zimbra needs to login as root, but it needs to have sudo access to run certain commands. You should easily be able to set a different password for root if your're concerned about the password. You can also review the commands that Zimbra runs as root via the /etc/sudoers file (though I would strongly recommend not changing anything placed there by Zimbra's setup).
Post Reply