Replies: 1 comment
-
i2pd is first and foremost a daemon. Some users may launch any daemon from their terminal; it does not change the fact that it is a daemon. Besides, running i2pd as the same Unix user as the person using the computer is not good, because if the daemon gets a vulnerability (because it is quite complex AND it connects to random, possibly attacker-controlled computers AND [forgive me & ignore if you think this is a meme] it is not written in a very memory-safe language), then the user may get hacked as well, and their data exfiltrated. But if you run i2pd in a container, or even just as a separate Unix user with appropriately set permissions (which can get you almost on par with a container), then the attacker will not have access to regular user data, and will also need to hack the kernel to get it. So it is better to run it as a system service, since many service scripts already set up that separate Unix user for you.
-
There is such a document, called Filesystem Hierarchy Standard - https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04.html.
By design, /usr/bin is intended to store user programs, while /usr/sbin - for system, daemons, and others that are executed by the administrator.
The question is: how do we position i2pd? Essentially, it is a daemon that logically should be run as a service, and does not provide interactivity with the user, but on the other hand, some launch the application from the client terminal and keep the application running in a local session with application data stored in ~/.i2pd.
10 votes