Binding a Daemon Process to a lower port without root?

Byron Clark byron at theclarkfamily.name
Sat Sep 15 16:27:53 MDT 2007


On Sat, Sep 15, 2007 at 04:15:31PM -0600, Steve wrote:
> Programs like Apache don't typically run as root, they either run as
> the Apache user, or as user nobody or some such thing.  And yet they
> are able to bind to these lower ports.  How is this achieved?
> My best guess thus far is that something is cheating, by launching the
> process as root and then changing the user to Apache or whatever,
> after the bind to port 80 has taken place.  If that is true how is
> that accomplished?  Also is this something that I should code my
> program to do, or is it something that is handled by an init script?
> My money is on the init script at this time, but I'm wondering if
> anyone else has any ideas, or if I'm possibly missing something here.

The general method is to start as root, do what you need to as root, and
then switch to the user.group you want to run as.  Cherokee (another web
server I had sitting around) does this switch by calling initgroups(3),
setgid(2), and then setuid(2).

--
Byron Clark