On Fri, 24 Nov 2006 11:14:51 -0800, Jeffrey Cunningham jeffrey@cunningham.net wrote:
On Fri Nov 24, 2006 at 06:41:07PM +0100, Edi Weitz wrote:
On Fri, 24 Nov 2006 08:36:33 -0800, Jeffrey Cunningham jeffrey@cunningham.net wrote:
You say something in your comments about SETUID and SETGID on the process to something other than root, but I don't know how to do that other than write a little C-code. Is there another way? If I understand you correctly, the idea would be to launch the server as root, then change the UID and GID for the running process.
Yes, those were the comments I was referring to:
"On Unix you can use setuid and setgid to change the UID and GID of the process directly after the server has been started. (You might want to do this if you're using a privileged port like 80.) setuid and setgid can be integers (the actual IDs) or strings (for the user and group name respectively)."
Forgive me if this is obvious, but I don't understand. In order to start the server from lisp running as a regular user, I have to specify a port. If I specify :port 80, it fails with an error message that the port is privileged. So, I don't see how I could change setuid and setgid "after the server has been started". I see that in the UNIX package there are two functions: 'setuidexec and 'setgidexec. Would it work to call these *before* starting the server?
[Please use the mailing list.]
You start the Lisp image as root, load Hunchentoot, then call START-SERVER with the corresponding setuid/setgid arguments. That's basically how Apache and other apps do it as well (or AllegroServe).
Cheers, Edi.
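
The start-as-root, bind, then drop sequence described in the reply above, sketched in C as an added example (not part of the original thread and not Hunchentoot's own code). The helper names and the `nobody`/`nogroup` accounts are assumptions; the resolver accepts an integer ID or a name, as the quoted documentation describes.

```c
#define _GNU_SOURCE /* setgroups() declaration under strict -std= modes */
#include <arpa/inet.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>
/* Parse an all-digit ID; anything else is treated as an account name. */
static int parse_id(const char *s, unsigned long *n) {
    char *end;
    if (*s < '0' || *s > '9') return -1;
    *n = strtoul(s, &end, 10);
    return *end == '\0' ? 0 : -1;
}
int resolve_uid(const char *spec, uid_t *out) {
    unsigned long n;
    struct passwd *pw;
    if (parse_id(spec, &n) == 0) { *out = (uid_t)n; return 0; }
    if ((pw = getpwnam(spec)) == NULL) return -1;
    *out = pw->pw_uid; return 0;
}
int resolve_gid(const char *spec, gid_t *out) {
    unsigned long n;
    struct group *gr;
    if (parse_id(spec, &n) == 0) { *out = (gid_t)n; return 0; }
    if ((gr = getgrnam(spec)) == NULL) return -1;
    *out = gr->gr_gid; return 0;
}
/* Order matters: groups and GID can only be changed while still root. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0) return -1;                /* staying root is not a drop */
    if (setgroups(1, &gid) != 0) return -1; /* shed root's supplementary groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;        /* sets real, effective, saved UID */
    if (setuid(0) == 0) return -1;          /* regaining root must fail */
    return 0;
}
int main(void) {
    uid_t uid; gid_t gid;
    /* "nobody"/"nogroup" are assumed account names; adjust per system. */
    if (resolve_uid("nobody", &uid) || resolve_gid("nogroup", &gid)) return 1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(80),
                             .sin_addr.s_addr = htonl(INADDR_ANY) };
    if (fd < 0 || bind(fd, (struct sockaddr *)&a, sizeof a) != 0 ||
        listen(fd, 16) != 0) { perror("bind/listen (needs root)"); return 1; }
    if (drop_privileges(uid, gid) != 0) { perror("drop_privileges"); return 1; }
    printf("port 80 bound, now uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    close(fd); return 0; /* an accept() loop would run here, unprivileged */
}
```

The listening socket stays usable after the drop because the privilege check happens at `bind()` time, not on later `accept()` calls.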