[hunchentoot-devel] How do I run a standalone server on port 80?

Jeffrey Cunningham jeffrey at cunningham.net
Fri Nov 24 20:35:54 UTC 2006


I've been bothering Edi in a private email thread that really should have been directed to the list (sorry Edi). Here's the thread:


> On Fri, 24 Nov 2006 08:36:33 -0800, Jeffrey Cunningham <jeffrey at cunningham.net> wrote:
>
> > You say something in your comments about SETUID and SETGID on the
> > process to something other than root, but I don't know how to do
> > that other than write a little C-code. Is there another way? If I
> > understand you correctly, the idea would be to launch the server as
> > root, then change the UID and GID for the running process.
>
>   http://weitz.de/hunchentoot/#start-server
>

Yes, those were the comments I was referring to:

"On Unix you can use setuid and setgid to change the UID and GID of
the process directly after the server has been started. (You might
want to do this if you're using a privileged port like 80.) setuid and
setgid can be integers (the actual IDs) or strings (for the user and
group name respectively)."

Forgive me if this is obvious, but I don't understand. In order to
start the server from lisp running as a regular user, I have to
specify a port. If I specify :port 80, it fails with an error message
that the port is privileged. So, I don't see how I could change setuid
and setgid "after the server has been started". I see that in the UNIX
package there are two functions: 'setuidexec and 'setgidexec. Would it
work to call these *before* starting the server?

I apologize for taking so much of your time.

Regards,
-Jeff

I think maybe I figured it out. I should start the server from lisp
running as root, but using setuid and setgid values for a
non-privileged user. I was looking at your code and it appears you
switch them after the server has started.

One of the things I really like about your server is the ability to
hack the handler code on the fly while the server is
operating. Wouldn't this be a little dangerous if I have to run from
lisp as root?

--Jeff

