|
Home > Archive > Perlbal > February 2007 > uid of perlbal process?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
uid of perlbal process?
|
|
| Daniel Risacher 2007-02-12, 1:11 pm |
|
I installed perlbal recently (in prep for trying to make cometd work), an=
d I was
mildly disturbed to not see any way to make it run as a user other than r=
oot.=20
Since it needs to grab port 80, it obviously needs to start as root, but =
it
seems like it could (should?) drop root privledge after opening the liste=
n
socket. I'm pretty accustomed to the idea of the web server running as (=
largely
unprivledged) user "www-data".
Has this come up before?
-Dan
| |
| Brad Fitzpatrick 2007-02-12, 1:11 pm |
| Wow, that surprises me as well. I guess on LiveJournal we run it on high
ports (not 80), so I never noticed.
One admittedly weak argument in our defense: it is written in Perl, not C,
so it's already tons safer. :-)
Patch?
Should be as easy as adding "sub MANAGE_user" and "sub MANAGE_group" (or
combine them) in lib/Perlbal.pm.
On Mon, 12 Feb 2007, Daniel Risacher wrote:
>
> I installed perlbal recently (in prep for trying to make cometd work), and I was
> mildly disturbed to not see any way to make it run as a user other than root.
> Since it needs to grab port 80, it obviously needs to start as root, but it
> seems like it could (should?) drop root privledge after opening the listen
> socket. I'm pretty accustomed to the idea of the web server running as (largely
> unprivledged) user "www-data".
>
> Has this come up before?
>
> -Dan
>
>
|
|
|
|
|