3.4 Ensure that Cassandra is run using a non-privileged, dedicated service account

Information

Like any service installed on a host, Cassandra can be given its own user context. Running the service under a dedicated user makes it possible to precisely constrain the service within the larger host context.

Rationale:
Running Cassandra under a non-privileged account may reduce the impact of a vulnerability in Cassandra. A restricted account will be unable to access resources unrelated to Cassandra, such as operating system configurations.

Solution

Create a user that is used only for running Cassandra and directly related processes. This user must not have administrative rights to the system.
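One way to audit this requirement on a Linux host, as an added example that is not part of the benchmark text: the function checks that the account has a non-zero UID and is not in an administrative group. The function names, the admin group list (root, sudo, wheel, admin) and the sample accounts are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit the account Cassandra runs as.
# Assumptions: Linux passwd(5)/group(5) formats; the admin group names below.
ADMIN_GROUPS="root sudo wheel admin"

# check_service_account USER PASSWD_FILE GROUP_FILE
# Prints one finding per line; returns 0 when compliant, 1 otherwise.
check_service_account() {
    user=$1; passwd_file=$2; group_file=$3
    entry=$(awk -F: -v u="$user" '$1 == u' "$passwd_file")
    [ -n "$entry" ] || { echo "FAIL: no passwd entry for $user"; return 1; }
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    rc=0
    if [ "$uid" -eq 0 ]; then echo "FAIL: $user has UID 0"; rc=1; fi
    for g in $ADMIN_GROUPS; do
        # Match on primary GID or on the supplementary member list.
        if awk -F: -v g="$g" -v u="$user" -v gid="$gid" '
            $1 == g { if ($3 == gid) hit = 1
                      n = split($4, m, ",")
                      for (i = 1; i <= n; i++) if (m[i] == u) hit = 1 }
            END { exit !hit }' "$group_file"; then
            echo "FAIL: $user belongs to admin group $g"; rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then echo "PASS: $user is non-privileged"; fi
    return "$rc"
}

# write_sample DIR: constructed passwd/group data for a dry run.
write_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'cassandra:x:112:117::/var/lib/cassandra:/usr/sbin/nologin' \
        'cassadmin:x:1001:1001::/home/cassadmin:/bin/bash' > "$1/passwd"
    printf '%s\n' 'root:x:0:' 'sudo:x:27:alice,cassadmin' \
        'cassandra:x:117:' 'cassadmin:x:1001:' > "$1/group"
}

# Live use: pass the owner of the running daemon and the real files, e.g.
#   owner=$(ps -o user= -p "$(pgrep -f CassandraDaemon | head -n 1)")
#   check_service_account "$owner" /etc/passwd /etc/group
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); write_sample "$d"
    check_service_account cassandra "$d/passwd" "$d/group"
    rm -rf "$d"
fi
```

The check covers UID and group membership only; sudoers rules that name the account directly need a separate review.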

See Also

https://workbench.cisecurity.org/files/2309