With this methid we can change the group. But how change the user ? Because i put my new group and user in my conf haproxy, and i receive back " cannot find user id"
Regards, Mathieu 2015-02-19 10:25 GMT+01:00 Jarno Huuskonen <[email protected]>: > Hi, > > On Thu, Feb 19, Mathieu Sergent wrote: > > And how it's possible to able the haproxy user to have the CAP_NET_ADMIN > > capability ? > > I think you could set(setcap) CAP_NET_ADMIN to haproxy binary: > (https://wiki.archlinux.org/index.php/Capabilities > http://packetlife.net/blog/2010/mar/19/sniffing-wireshark-non-root-user/) > > so: setcap cap_net_admin=eip /usr/sbin/haproxy > (I didn't test this). > > > 2015-02-19 9:55 GMT+01:00 Lukas Tribus <[email protected]>: > > > > > > Hi, > > > > > > > > I'm trying to use he option source of HAProxy in order to have the > > > > client's address from my web server. > > > > > > > > So i add this option in defaults : "source 0.0.0.0 usesrc clientip". > > > > > > > > When I restart HAProxy, i receive back this message : " Some > > > > configuration options require full privileges, so global.uid cannot > be > > > > changed. " > > > > > > > > I found that is possible to use this option being root, with comment > > > > out following lines in conf : "&user haproxy > > > > &group haproxy " > > > > > > > > But for security reason, i need to use this option without being > root, > > > > i would know if it's possible with changing a configuration? > > > > > > The haproxy user needs to have the CAP_NET_ADMIN capability. That > > > way, you can drop privileges to non-root, but still use the usesrc > keyword. > > -- > Jarno Huuskonen >
