Hi,

I was trying to run lighttpd as a non-root user in the
https://github.com/seL4/sel4webserver demo and realized it didn't allow
me to, no matter whether I configured /etc/passwd, /etc/group, /etc/shadow
and /etc/lighttpd.conf correctly. As I don't have debug tools in this Linux
VM to look at what's going on, I decided to directly modify the lighttpd
source code to bypass some native code of the web server and hardcode my own
user/group. Looks like it works, and I now have lighttpd running with its
own user:

# ps -ef
PID   USER     COMMAND
    1 root     init
   (...)
   60 root     /sbin/syslogd -n
   64 root     /sbin/klogd -n
  108 lighttpd lighttpd -f /etc/lighttpd.conf
  110 root     /sbin/getty -L tty1 0 vt100
   (...)

I also changed the ownership of the /run/site tree to be owned by root.

The changes I made in the source code are basically to bypass "getgrnam()"
and "getpwnam()" syscalls as I suspect for some reason (musl libc guilty??)
and manually set the setgid value before the chroot. I know this is a very
dirty hack... but it works for me.

My question is whether anyone thinks this can be useful to others; if so, I
can create a pull request with the changes. I think that even if this is a
demo, it is not nice to run lighttpd as root, even for a static website. Of
course the "right"/elegant way of solving this would be not to change the
lighttpd source code... but I was unable to do it that way.

Let me know your opinions.

Cheers,
_______________________________________________
Devel mailing list -- devel@sel4.systems
To unsubscribe send an email to devel-leave@sel4.systems
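
The privilege drop discussed in the message above, as an added example that is not the poster's patch and not lighttpd's code: ids are resolved before chroot(), and a numeric id skips getpwnam()/getgrnam() entirely, so the drop does not depend on name lookups working in the VM. The names resolve_id and chroot_and_drop are hypothetical, and the id 1000 mentioned in the test is a constructed value.

```c
#define _DEFAULT_SOURCE /* exposes chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <unistd.h>

/* A numeric id ("1000") is used as-is, with no passwd/group lookup at all;
 * any other string goes through getpwnam() (kind 'u') or getgrnam() ('g'). */
static int resolve_id(const char *s, char kind, unsigned long *out) {
    char *end;
    if (s == NULL || *s == '\0') return -1;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (*s >= '0' && *s <= '9' && errno == 0 && *end == '\0' && v < 0xFFFFFFFFUL) {
        *out = v;              /* (uid_t)-1 is reserved, so it is excluded */
        return 0;
    }
    if (kind == 'u') {
        struct passwd *pw = getpwnam(s);
        if (pw == NULL) return -1;
        *out = pw->pw_uid;
    } else {
        struct group *gr = getgrnam(s);
        if (gr == NULL) return -1;
        *out = gr->gr_gid;
    }
    return 0;
}

/* Returns 0 only if the process ends up unprivileged and cannot regain root. */
int chroot_and_drop(const char *root, const char *user, const char *group) {
    unsigned long u, g;
    /* Resolve first: after chroot() the new root may hold no /etc/passwd. */
    if (resolve_id(user, 'u', &u) != 0 || resolve_id(group, 'g', &g) != 0) return -1;
    if (u == 0 || g == 0) return -1;            /* refuse to "drop" to root */
    gid_t gid = (gid_t)g;
    if (root != NULL && (chroot(root) != 0 || chdir("/") != 0)) return -1;
    if (setgroups(1, &gid) != 0) return -1;     /* shed root's extra groups */
    if (setgid(gid) != 0) return -1;            /* group first, needs root  */
    if (setuid((uid_t)u) != 0) return -1;
    if (setuid(0) == 0) return -1;              /* regaining root must fail */
    return 0;
}

int main(int argc, char **argv) {
    if (argc != 4) return 2;                    /* usage: prog ROOT USER GROUP */
    return chroot_and_drop(argv[1], argv[2], argv[3]) == 0 ? 0 : 1;
}
```

Run as root, a zero exit status means the chroot and the drop both succeeded and a later setuid(0) was refused.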