Willy,

Thanks for your quick response.

I did some experimenting and realized you were right. I think my issue why I couldn't run it as anything but root was because I was using the -p option to store the pid in /var/run/haproxy.pid, which could only be accessed by root.

However, I am still having some problems. I'm trying to restart haproxy using a Python script that I call from Apache using this haproxy command:

/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -st 4140

I'm not exactly sure what I'm doing wrong but I'm getting this error:

 * Starting haproxy haproxy
[ALERT] 158/203608 (4374) : error when trying to preserve previous UNIX socket (/tmp/haproxy). Aborting.
[ALERT] 158/203608 (4374) : [/usr/sbin/haproxy.main()] Some protocols failed to start their listeners! Exiting.
   ...fail!

Before this error I was having some issues that were clearly privilege related.

I've verified that /var/run/haproxy.pid and /tmp/haproxy, which both seem to be accessed, both have chmod 777. Everyone at least has read/write access on /etc/haproxy/haproxy.cfg.

The user Apache runs the script as is www-data, so I made sure to start haproxy with the global parameter user set to www-data. Not sure if you have to be the same user as you started it as the first time but I assume you do.

Do you know what I could be doing wrong here?

Jacob

On Wed, Jun 8, 2011 at 6:20 PM, Willy Tarreau <[email protected]> wrote:

> On Thu, Jun 09, 2011 at 12:07:27AM +0200, Graeme Donaldson wrote:
> > On 9 June 2011 00:05, Jacob Fenwick <[email protected]> wrote:
> >
> > > It seems like I must be root to start haproxy.
> > >
> > > I know that I can add a user line in global so that the process will change
> > > to say it is running as a non-root user once it is running, but it seems
> > > like I still need to be root to actually start it, or restart it.
> > >
> > > Is there any way around this?
> >
> > I don't think there is, and if there was, you would be unable to listen on
> > any ports <1024, as only root can do that.
>
> Well, many people start it as non-root on ports >= 1024. That's very common
> among developers who all like to have their own instance. For this you just
> have to remove the "user" and "group" lines and ensure that all your ports
> are >= 1024 and that your maxconn is low enough to accommodate the default
> 1024 file descriptors limit which is imposed on non-root users. Ah, and if
> you're not root, you can't chroot either.
>
> Those constraints are the precise reason why it's highly recommended to
> start it as root. But if you can't, there's no problem as long as you can
> live with the constraints.
>
> As an example, all my test config files use unprivileged ports so that I
> can start it without being root during development sessions.
>
> Cheers,
> Willy
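
Added example (not part of the thread and not haproxy's own code): a small Python check of a configuration against the constraints Willy lists for a non-root start. The sample configuration is constructed, and the estimate of two file descriptors per connection used for the maxconn check is an assumption.

```python
import re

# Constructed sample configuration (not from the thread).
SAMPLE_CFG = """\
global
    user www-data
    group www-data
    chroot /var/lib/haproxy
    maxconn 4096

frontend web
    bind *:80
    bind 127.0.0.1:8080
"""

SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}

def lowest_port(addr):
    """Lowest port of one bind address such as '*:80' or ':8000-8010'; None if no port."""
    m = re.search(r":(\d+)(?:-\d+)?$", addr)
    return int(m.group(1)) if m else None

def nonroot_violations(cfg_text, fd_limit=1024):
    """List the settings that conflict with the constraints for a non-root start."""
    found, section = [], None
    for n, raw in enumerate(cfg_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not words:
            continue
        key, args = words[0], words[1:]
        if key in SECTIONS:
            section = key
        elif section == "global" and key in ("user", "group", "uid", "gid"):
            found.append(f"line {n}: '{key}' should be removed for a non-root start")
        elif section == "global" and key == "chroot":
            found.append(f"line {n}: chroot is not possible without root")
        elif section == "global" and key == "maxconn" and args:
            # Assumption: roughly two descriptors per connection (client and server side).
            if 2 * int(args[0]) > fd_limit:
                found.append(f"line {n}: maxconn {args[0]} is too high for {fd_limit} descriptors")
        elif key == "bind" and args:
            for addr in args[0].split(","):
                port = lowest_port(addr)
                if port is not None and port < 1024:
                    found.append(f"line {n}: port {port} is below 1024")
    return found

if __name__ == "__main__":
    print("\n".join(nonroot_violations(SAMPLE_CFG)))
```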

