On Sunday 26 June 2005 07:34, Mrad James Deane wrote:
> My problem is I'm using FreeBSD and it can't let AOLserver run on port 80
> with -u www, so I'm trying to use setuidgid from daemontools because I have
> successfully run qmail on port 25 using it with another user than root.
> Thanks

You cannot use setuidgid from the daemontools package. The tools in this
package are designed to allow you to turn scripts into daemons safely and
simply, but AOLserver already has everything you need built in, including
setting uid and gid. You simply have to use the command line arguments -u
username. If you read nsmain.c, you will see the commands that do the work.
But the real problem is that you must create a process which runs as root
initially to prebind the port.  AOLserver does very little before giving up
root, but it is still required.

The current code allows you to choose any group, even one the user does not
belong to, and even one which doesn't exist, and AOLserver will switch to
that group. It used to allow running as the root group, but that looks like
it is fixed. I guess the problem with only running as the primary group has
been fixed, but it introduced this new bug.

Maybe it would be worth investigating how setuidgid runs and incorporating
this into nsmain.c, since one nice feature is that it removes all
supplemental groups. Or maybe look at tcpserver, which does the same thing.
Note that tcpserver has to incorporate the code to do this just like
AOLserver, because it actually needs to run as root for a short time.
setuidgid never allows the child process to run as root.

tom jackson
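
The privilege drop discussed in this message (root binds the port, then the process sheds supplemental groups, gid and uid), as an added C example that is not part of the original message and is not code from AOLserver's nsmain.c or from daemontools. The function names `group_allowed` and `drop_privileges` are hypothetical; the membership check and the refusal of uid/gid 0 are this example's assumptions about how the group and root cases mentioned above could be rejected.

```c
#define _DEFAULT_SOURCE          /* glibc: expose setgroups() */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Added example: hypothetical helper names, not AOLserver or daemontools code. */
/* Accept a group only if it is the user's primary group or lists the user
 * as a member. Returns 1 if allowed, 0 otherwise (including unknown names). */
int group_allowed(const struct passwd *pw, const struct group *gr)
{
    if (pw == NULL || gr == NULL)
        return 0;                         /* user or group does not exist */
    if (gr->gr_gid == pw->pw_gid)
        return 1;
    for (char **m = gr->gr_mem; m != NULL && *m != NULL; m++)
        if (strcmp(*m, pw->pw_name) == 0)
            return 1;
    return 0;
}

/* Drop from root to uid/gid. Call only after the listening socket is bound.
 * Returns 0 on success, -1 on any failure (the caller must then exit). */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                        /* never "drop" to root or its group */
    if (setgroups(1, &gid) != 0)          /* discard root's supplemental groups */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)   /* group first, then user */
        return -1;
    if (setuid(0) == 0 || setgid(0) == 0)       /* root must be unrecoverable */
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 3) return 2;              /* usage: prog user group */
    struct passwd *pw = getpwnam(argv[1]);
    struct group *gr = getgrnam(argv[2]);
    if (!group_allowed(pw, gr) || drop_privileges(pw->pw_uid, gr->gr_gid) != 0) {
        fprintf(stderr, "refusing to continue with root privileges\n");
        return 1;
    }
    printf("now uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

The order matters: setgroups() and setgid() both need root, so they must run before setuid() gives it up.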


--
AOLserver - http://www.aolserver.com/
