uid of perlbal process?

Brad Fitzpatrick brad at danga.com
Mon Feb 12 17:19:49 UTC 2007


Wow, that surprises me as well.  I guess on LiveJournal we run it on high
ports (not 80), so I never noticed.

One admittedly weak argument in our defense: it is written in Perl, not C,
so it's already tons safer.  :-)

Patch?

Should be as easy as adding "sub MANAGE_user" and "sub MANAGE_group" (or
combine them) in lib/Perlbal.pm.


On Mon, 12 Feb 2007, Daniel Risacher wrote:

>
> I installed perlbal recently (in prep for trying to make cometd work), and I was
> mildly disturbed to not see any way to make it run as a user other than root.
> Since it needs to grab port 80, it obviously needs to start as root, but it
> seems like it could (should?) drop root privledge after opening the listen
> socket.  I'm pretty accustomed to the idea of the web server running as (largely
> unprivledged) user "www-data".
>
> Has this come up before?
>
> -Dan
>
>


More information about the perlbal mailing list