The problem with running a network facing daemon as root is that if in the future there is an exploit found for that daemon then potentially an attacker could execute code on your machine as root. This gives the attacker unlimited access to your machine. To fix this you would need to create a user/group that your daemon can run as and also assign that user/group to the files your daemon needs to access. This prevents an attacker from having free rein over your computer should he exploit that daemon.
To create a user/group for your daemon called user bitcoin you can run the following:
$ sudo useradd -U -r -s /bin/false bitcoin
-U create a group named bitcoin
-r create a system account
-s /bin/false sets the login shell to /bin/false (this way no one can potentially log in with this user and get a shell)
Now let's say you have chosen to store all the bitcoind related files in the /var/lib/bitcoind directory.
$ sudo mkdir /var/lib/bitcoind
$ sudo chown -R bitcoin: /var/lib/bitcoind
This will set bitcoin user and bitcoin group as the owner of all files within that directory as well as the directory itself.
When you run the bitcoind daemon you need to tell it to run as user bitcoin and to use /var/lib/bitcoind as its data directory. Make sure your files like your wallet or blockchain data are inside /var/lib/bitcoind. Your bitcoin.conf is expected to be stored at /etc/bitcoin/bitcoin.conf in the following system script.
Now you just need to install a script that will start your daemon for you with your intended user. To do this please read the instructions (chances are you are using systemd so follow those instructions): https://github.com/bitcoin/bitcoin/blob/master/doc/init.md
I hope this helps!
Thanks for your reply and for showing me that script to start the daemon, you explained it to me better than tutorials that I see over the internet! I just have one doubt yet: in my case I didn't specify a custom directory for bitcoind's files, then should I just execute sudo chown -R bitcoin: ~/.bitcoin? Or am I wrong? – John Graham – 2016-07-16T17:20:05.953
@JohnGraham hey, no problem, glad to help. If your files are already in ~/.bitcoin, you can either simply move them all from there to /var/lib/bitcoind or just edit the bitcoin.service file to use your full home directory /home/<your username>/.bitcoin. If you choose to keep your home directory then make sure you change the owner like you said and make sure your home directory isn't encrypted. If it is then the bitcoin user won't be able to access the files when Ubuntu starts up. Personally since this is a service daemon, I would move all the files to /var/lib/bitcoind. – Brandon – 2016-07-16T19:53:15.573
Okay perfect, I will follow your advice and I will move them to /var/lib/bitcoind. Thanks again! – John Graham – 2016-07-16T20:11:12.610
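A way to verify the setup from the answer above, as an added example that is not part of the original post or of the Bitcoin project: it checks that the service account has no login shell, that everything under the data directory is owned by that account, and that no copy of the daemon is running as root. The function names are this example's own, and it assumes the Linux getent and ps tools.

```sh
#!/bin/sh
# Added example: audit a daemon's service account and data directory.
# Function names are hypothetical; getent and ps are assumed (Linux).

# Succeeds when a passwd(5) entry ends in a non-interactive shell.
shell_is_nologin() {
    case "${1##*:}" in
        /bin/false|/usr/bin/false|/sbin/nologin|/usr/sbin/nologin) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints how many entries under DIR (DIR included) are not owned by USER.
count_foreign_owned() {
    find "$1" ! -user "$2" | wc -l | tr -d ' '
}

# Reads "user command" lines on stdin; prints how many are NAME run by root.
count_root_daemons() {
    awk -v name="$1" '$1 == "root" && $2 == name { n++ } END { print n + 0 }'
}

# Runs all three checks; returns non-zero if any of them fails.
audit_service_account() {
    user=$1 dir=$2 daemon=$3 rc=0
    entry=$(getent passwd "$user") || { echo "FAIL: no account '$user'"; return 1; }
    shell_is_nologin "$entry" || { echo "FAIL: $user has a login shell"; rc=1; }
    if [ -d "$dir" ]; then
        n=$(count_foreign_owned "$dir" "$user")
        [ "$n" -eq 0 ] || { echo "FAIL: $n entries in $dir not owned by $user"; rc=1; }
    else
        echo "FAIL: $dir does not exist"; rc=1
    fi
    n=$(ps -e -o user= -o comm= | count_root_daemons "$daemon")
    [ "$n" -eq 0 ] || { echo "FAIL: $n $daemon process(es) running as root"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $daemon is confined to $user"
    return "$rc"
}

# Usage: sudo sh audit.sh bitcoin /var/lib/bitcoind bitcoind
if [ "$#" -eq 3 ]; then
    audit_service_account "$@"
fi
```

Run it with sudo so that find can read the whole data directory; a FAIL line for ownership usually means files were copied in after the chown and need it repeated.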