Drop user privileges #7

Closed
nilsga opened this Issue Aug 30, 2012 · 7 comments

3 participants

@nilsga

Is it possible to start hipache on port 80 and then drop privileges to a non-admin user?

@jpetazzo

Not planned for now; but tagging as enhancement since this would be indeed an interesting feature.

@testuser1 testuser1 added a commit to testuser1/hipache that referenced this issue Oct 5, 2013
@testuser1 testuser1 Drop privileges, fixes #7 ad97a02
@dmp42
hipache member

Is this still something wanted in the app?

Or can we instead suggest that people start the app with a non-root user / non privileged port and instead use setcap / authbind / iptables?

@dmp42 dmp42 added this to the 0.4 milestone Mar 22, 2014
@dmp42
hipache member

@samalba @jpetazzo

I would love to get your input on this (see my previous comment). Also, from the OS integration/distribution future POV? (not at ease with that part)

@jpetazzo

Dropping privileges would be nice, but in the short term, setcap is totally acceptable.

@dmp42
hipache member

@jpetazzo Thanks! I'll get priv dropping in the 0.4 timeframe then.

@dmp42 dmp42 self-assigned this Apr 19, 2014
@dmp42 dmp42 referenced this issue Apr 21, 2014
Closed

0.4 #128

@dmp42
hipache member

Here is the proposed behavior implemented in the PR:

  • if running as root:
    • if no user key specified in the configuration, scream and drop dead
    • if one really wants to keep it root, one needs to have a user: "root" (or user: 0) in the config file
    • if there is a user key specified to something else than root, the workers will drop privileges as soon as they bound
    • if there is a group specified, drop group privileges to its value
    • if there is no group specified, we will try to drop group privileges as well, to a group named after the user key (that's nginx behavior IIRC)
  • if not running as root, do nothing...

Note:

  • the master keeps running as root - which may be considered a bad thing but is obviously necessary to pop new workers with the appropriate rights
  • support both names (will block during resolution) and ids
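
The behavior proposed in the comment above, sketched for a Node.js worker as an added example (this is not the code from the PR or from hipache). The function names are hypothetical, the `user` and `group` keys are the ones named in the comment, and failing closed when the drop does not take effect is an assumption that is stricter than the "try" wording for the fallback group.

```javascript
// Added example, not hipache's code: function names are hypothetical; the
// `user` / `group` config keys are the ones named in the comment above.

// Pure decision step: what should a worker do given its config and current uid?
function planPrivilegeDrop(config, uid) {
  if (uid !== 0) return { action: 'none' };              // not root: do nothing
  const user = config.user;
  if (user === undefined || user === null || user === '') {
    // Root with no `user` key: refuse to start rather than serve traffic as root.
    throw new Error('running as root with no "user" key; set user: "root" to keep root');
  }
  if (user === 'root' || user === 0) return { action: 'keep-root' };  // explicit opt-in
  const explicit = config.group !== undefined && config.group !== null;
  // No group given: fall back to a group named after the user key.
  return { action: 'drop', user, group: explicit ? config.group : user };
}

// Apply the plan in a worker once its listening socket is bound.
// `proc` defaults to the real process; a stub can be passed for testing.
function applyPrivilegeDrop(plan, proc = process) {
  if (plan.action !== 'drop') return plan.action;
  // Group changes must come first: after setuid() to a non-root user the
  // process is no longer allowed to call setgroups()/setgid().
  proc.setgroups([plan.group]);   // shed root's supplementary groups
  proc.setgid(plan.group);        // names or numeric ids; name lookup blocks
  proc.setuid(plan.user);
  // Fail closed (assumption: stricter than "try") if a root uid remains.
  if (proc.getuid() === 0 || proc.geteuid() === 0) {
    throw new Error('privilege drop did not take effect');
  }
  return 'dropped';
}

// Constructed sample configs, evaluated as if the worker were started by root.
for (const cfg of [{ user: 'www-data' }, { user: 'hipache', group: 'web' }, { user: 0 }]) {
  console.log(JSON.stringify(cfg), '->', JSON.stringify(planPrivilegeDrop(cfg, 0)));
}
```

Only the workers call `applyPrivilegeDrop`; as the note above says, the master stays root so it can spawn new workers, so it should do as little as possible beyond forking.
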
@dmp42
hipache member

It's on master (-> 0.4) (#143).

@dmp42 dmp42 closed this Apr 29, 2014