1.5 Ensure the Cassandra service is run as a non-root user

Information

Although the Cassandra database can be run as root, it should run as a dedicated non-root user.

Rationale:
One of the best ways to reduce your exposure to attack is to create a unique, unprivileged user and group for the server application. A best practice to follow is ensuring that processes run as a user with the least privilege necessary.

Solution

Create a group for cassandra (if it does not already exist).

sudo groupadd cassandra

Create a user which is only used for running Cassandra and its related processes.

sudo useradd -m -d <DIRECTORY_WHERE_CASSANDRA_INSTALLED> -s /bin/bash -g cassandra -u <USERID_NUMBER> cassandra

Replace <DIRECTORY_WHERE_CASSANDRA_INSTALLED> with the full path of where the Cassandra binaries are installed.

Replace <USERID_NUMBER> with a number not already used on the server.
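
To confirm the result once Cassandra has been restarted under the new account, the check below (an added example, not part of the benchmark text) reads process lines in the format printed by ps -eo uid=,pid=,args= and flags any Cassandra JVM running as UID 0. It assumes the daemon can be identified by its main class, org.apache.cassandra.service.CassandraDaemon; the function name and the sample process lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Cassandra JVMs that run as UID 0.
# Reads "UID PID ARGS..." lines on stdin, as printed by:
#   ps -eo uid=,pid=,args=
# Numeric UIDs are compared so that any account with UID 0 is caught,
# not only the one named "root".
# Exit status: 0 = all Cassandra processes are non-root,
#              1 = at least one runs as UID 0,
#              2 = no Cassandra process found.
check_cassandra_owner() {
    awk '
        BEGIN { seen = 0; bad = 0 }
        # Assumption: the daemon is identified by its JVM main class.
        /org\.apache\.cassandra\.service\.CassandraDaemon/ {
            seen = 1
            if ($1 == 0) { bad = 1; print "FAIL pid=" $2 " uid=" $1 }
            else         { print "PASS pid=" $2 " uid=" $1 }
        }
        END {
            if (!seen) { print "NOT_RUNNING"; exit 2 }
            exit bad
        }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_ROOT='0 1 /sbin/init
0 4121 /usr/bin/java -Xms4G -Xmx4G org.apache.cassandra.service.CassandraDaemon'
SAMPLE_OK='0 1 /sbin/init
997 4242 /usr/bin/java -Xms4G -Xmx4G org.apache.cassandra.service.CassandraDaemon'

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_ROOT" | check_cassandra_owner || echo "exit status: $?"
printf '%s\n' "$SAMPLE_OK"   | check_cassandra_owner || echo "exit status: $?"

# On a live host:
#   ps -eo uid=,pid=,args= | check_cassandra_owner
```
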

See Also

https://workbench.cisecurity.org/files/2309