Hi Mark, Am Dienstag, 26. August 2014 20:02:43 UTC+2 schrieb Mark Moorcroft: > > Apache and postfix both manage to run as non-root on low ports. >
The way most UNIX daemons (like Apache httpd or Postfix) are doing this is by starting with root privileges (UID 0) which allows them to bind privileged ports (every port < 1024). After they succesfully acquired the port, they drop root privileges. In case of Java applications like Graylog2 it is not that easy because Java was designed to be platform independent which conversely means that OS-specifics (like UNIX privileges and capabilities) are not supported natively. > So I was wondering if it's on the radar to allow this with GL2? I realize > apache and postfix manage this trick through various "hoops" jumped > through. But at the end of the day I wonder if you will eventually be able > to install GL2 web with 443 enabled and it "just works"? > Of course you might run the Graylog2 web interface as root user, but we definitely *do not* recommend this for security reasons! The best approach currently is to use authbind <https://packages.debian.org/stable/authbind> which Lennart already mentioned. Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
