And how it's possible to able the haproxy user to have the CAP_NET_ADMIN capability ?
2015-02-19 9:55 GMT+01:00 Lukas Tribus <[email protected]>: > > Hi, > > > > I'm trying to use he option source of HAProxy in order to have the > > client's address from my web server. > > > > So i add this option in defaults : "source 0.0.0.0 usesrc clientip". > > > > When I restart HAProxy, i receive back this message : " Some > > configuration options require full privileges, so global.uid cannot be > > changed. " > > > > I found that is possible to use this option being root, with comment > > out following lines in conf : "&user haproxy > > &group haproxy " > > > > But for security reason, i need to use this option without being root, > > i would know if it's possible with changing a configuration? > > The haproxy user needs to have the CAP_NET_ADMIN capability. That > way, you can drop privileges to non-root, but still use the usesrc keyword. > > > Lukas > >
