Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 


   


   


   















      :: nginx-ru
Nginx-ru mailing list archive (nginx-ru@sysoev.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Start use capabilities on linux



On Wed, Mar 18, 2009 at 04:23:48AM +0300, Maxim Dounin wrote:

> Hello!
> 
> On Wed, Mar 18, 2009 at 12:36:47AM +0300, Kirill A. Korinskiy wrote:
> 
> > From: Kirill A. Korinskiy <catap@xxxxxxxx>
> > 
> > The nginx required privilege mode only on master process and only bind
> > ports <1024. In linux proccess can bind ports <1024 in not privilege
> > mode if the process does capset(CAP_NET_BIND_SERVICE).
> 
> Note that using root for master process needed not only for 
> bind(), but also to access restricted configuration files (e.g.  
> private keys) during reconfiguration.  So dropping root from 
> master should be at least configurable.
> 
> It's also not clear what will happen on binary upgrade.  Looks 
> like with current code capabilities will be lost on exec() and 
> upgraded binary won't be able to bind() privileged ports anymore.  
> But I'm not really familiar will linux capabilites interface, so I 
> may be wrong.
> 
> Not even mentioning you are dropping root before writing pidfile. 
> :)

The root privileges is also required to rotate logs if they are in
a directories where workers can not write: master opens files and
chown/chmod() them.

> Also there is a couple of unrelated changes and some whitespace 
> damage/style violations, but it doesn't really matter.
> 
> Maxim Dounin


-- 
Igor Sysoev
http://sysoev.ru/en/



 




Copyright © Lexa Software, 1996-2009.