[hunchentoot-devel] unix setuid
Dr. Helmut G. Enders
helmut at cybernetic-systems.de
Tue Mar 18 21:03:13 UTC 2008
Ben Hyde wrote:
> One approach to this problem is to write a very small C program that:
>
> 1. listens on the port
> 2. records listener's file description into an environment variable(s)
> 3. execs a command given its remaining arguments.
>
> Combined with other tools found in daemontools you can then drop rights,
> switch users, etc. and finally invoke the actual Lisp process. This
> plays well with jails etc.
>
> The C program is easier to write, at least easier than the bit that
> converts the file handle into something useful for your Lisp process.
>
> - ben
> _______________________________________________
> tbnl-devel site list
> tbnl-devel at common-lisp.net
> http://common-lisp.net/mailman/listinfo/tbnl-devel
Thanks, but in the meantime (google..google) I found privbind.

I chmod u+s /usr/bin/privbind

and add

    (setq inferior-lisp-program
          "/usr/bin/privbind -u helmut -g helmut /usr/bin/sbcl")

to my .emacs

and add

    screen -t Hunchentoot emacs -f slime

to my .screenrc

and add

    (require 'hunchentoot)
    (hunchentoot:start-server :port 80 :address <ip of eth0:1>)

to my .sbclrc

:-) and add

    sudo -H -u helmut screen -d -m

to my /etc/init.d/screens
....
even after a reboot I log in (or ssh to the server),
do a screen -r .... and be happy.
(Now my server has many eth0:x's with many
hunchentoolies, listening all on port 80 :-)
Helmut
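
The three steps Ben Hyde lists above, written out as an added example; it is not code from this thread or from the Hunchentoot project. The program name portexec and the variable name LISTEN_FD are assumptions, and the Lisp-side code that turns the descriptor number back into a listening socket is not shown.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

/* Step 1: bind and listen on a TCP port (all interfaces); returns fd or -1. */
int open_listener(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0), on = 1;
    struct sockaddr_in sa = {0};
    if (fd < 0) return -1;
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 128) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Step 2: keep fd open across exec and publish its number in env var `name`
 * (LISTEN_FD below is a hypothetical name the child must agree on). */
int export_fd(int fd, const char *name)
{
    char buf[16];
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0 || fcntl(fd, F_SETFD, flags & ~FD_CLOEXEC) < 0) return -1;
    snprintf(buf, sizeof buf, "%d", fd);
    return setenv(name, buf, 1);
}

/* Step 3: exec the remaining arguments. Putting a privilege-dropping tool
 * first in that command keeps this file the only code that runs as root. */
int main(int argc, char **argv)
{
    if (argc < 3) { fprintf(stderr, "usage: %s PORT CMD [ARGS...]\n", argv[0]); return 2; }
    long port = strtol(argv[1], NULL, 10);
    if (port < 1 || port > 65535) { fprintf(stderr, "bad port\n"); return 2; }
    int fd = open_listener((unsigned short)port);
    if (fd < 0 || export_fd(fd, "LISTEN_FD") < 0) { perror("listen"); return 1; }
    execvp(argv[2], &argv[2]);
    perror("execvp"); /* reached only if exec failed */
    return 1;
}
```

Run as root with daemontools' setuidgid as the first command in the chain, for example: portexec 80 setuidgid helmut /usr/bin/sbcl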