Skip to content
This repository has been archived by the owner on Dec 20, 2018. It is now read-only.

Drop root privileges after listening #33

Closed
Acconut opened this issue Apr 9, 2014 · 6 comments
Closed

Drop root privileges after listening #33

Acconut opened this issue Apr 9, 2014 · 6 comments

Comments

@Acconut
Copy link
Contributor

Acconut commented Apr 9, 2014

bud should drop root privileges (if running as root) after it started to listen.
@indutny
Copy link
Owner

indutny commented Apr 9, 2014

I see a problem with a current implementation that is so far preventing me from doing it: every worker is reading cert/key from a file system at start. The proper solution would require transferring cert/key from a master to a worker via IPC pipe. Need to seriously consider it...

@indutny
Copy link
Owner

indutny commented Apr 9, 2014

Actually, this is a bit over the top for now (transferring cert/key over IPC), the correct steps to implement it would be:

  1. Add user and group options to the config.c/config.h
  2. Translate user and group to uid and gid in config.c.
  3. Use setgid()/setuid()

The user should be responsible for setting proper permissions on the cert/key files.

@indutny
Copy link
Owner

indutny commented Apr 10, 2014

@Acconut any luck with this?

@Acconut
Copy link
Contributor Author

Acconut commented Apr 11, 2014

Yesterday I had no time and now I'm trying to find the source of the segmentation fault. :)

@indutny
Copy link
Owner

indutny commented Apr 29, 2014

ping @Acconut ;)

@Acconut Acconut mentioned this issue Apr 30, 2014
Closed
@indutny
Copy link
Owner

indutny commented May 18, 2014

it has actually landed.

@indutny indutny closed this as completed May 18, 2014
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@indutny @Acconut