uid of perlbal process?
Brad Fitzpatrick
brad at danga.com
Mon Feb 12 17:19:49 UTC 2007
Wow, that surprises me as well. I guess on LiveJournal we run it on high
ports (not 80), so I never noticed.
One admittedly weak argument in our defense: it is written in Perl, not C,
so it's already tons safer. :-)
Patch?
Should be as easy as adding "sub MANAGE_user" and "sub MANAGE_group" (or
combine them) in lib/Perlbal.pm.
On Mon, 12 Feb 2007, Daniel Risacher wrote:
>
> I installed perlbal recently (in prep for trying to make cometd work), and I was
> mildly disturbed to not see any way to make it run as a user other than root.
> Since it needs to grab port 80, it obviously needs to start as root, but it
> seems like it could (should?) drop root privledge after opening the listen
> socket. I'm pretty accustomed to the idea of the web server running as (largely
> unprivledged) user "www-data".
>
> Has this come up before?
>
> -Dan
>
>
More information about the perlbal
mailing list