On Wed, Mar 20, 2019 at 08:38:18PM +1300, worik wrote:

> On 20/03/19 3:01 AM, Ingo Schwarze wrote:
> > Hi Alfred,
> >
> > Alfred Morgan wrote on Tue, Mar 19, 2019 at 08:05:33AM -0500:
> >
> >> I tried starting a temporary httpd server on port 8080
> >> as a user to serve some files and I found this error:
> >> httpd: need root privileges
> >>
> >> I would think there would be value in letting httpd be run
> >> by standard users.
> > For security reasons, you absolutely do *not* want that.
> >
> > You do not want to run a network daemon as your normal login user.
> > If the network daemon contained a bug, remote attackers might
> > read or modify the private files of your local user.
> >
> > You really want the network daemon to run as a *dedicated* user
> > which doesn't have access to resources it doesn't need.  On OpenBSD,
> > that low-privileged user is called "www":
> >
> >    $ ps -Ao user,command | grep [h]ttpd
> >   www      httpd: server (httpd)
> >   root     /usr/sbin/httpd
> >   www      httpd: server (httpd)
> >   www      httpd: logger (httpd)
> >   www      httpd: server (httpd)
> >
> > This is *privilege separation*.  In particular, you want the "logger"
> > process and the "server" processes chroot(2)ed and setresuid(2)ed to
> > www, see proc.c, proc_run(), all of which requires root privileges
> > to set up.
> >
> > Starting up a network daemon without root privileges would be
> > inherently insecure.
> 
> 
> Yes.
> 
> But is the error message:
> 
> httpd: need root privileges
> 
> Accurate?
> 
> -- 
>     If not me then who?  If not now then when?  If not here then where?
>               So, here I stand, I can do no other
>     [email protected] 021-1680650, (03) 4821804 Aotearoa (New Zealand)
> 

Yes, because the code needs to do chroot, which is root-only for good
reasons. 

        -Otto
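The chroot(2)-then-setresuid(2) sequence discussed in this thread, as an added C example; it is not part of the original messages and is not httpd's proc.c code. The function name `drop_privileges` is hypothetical, and using the account's home directory as the chroot directory is an assumption of the example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE	/* glibc only: exposes setresuid(2)/setresgid(2) */
#endif
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Explicit prototypes, identical to the system ones, so the file still
 * builds if another header was pulled in before _GNU_SOURCE took effect. */
int setresgid(gid_t, gid_t, gid_t);
int setresuid(uid_t, uid_t, uid_t);

/* Hypothetical helper: jail the process in the home directory of `user`
 * (an assumption of this example) and become that user for good. */
int drop_privileges(const char *user)
{
	struct passwd *pw;

	if (geteuid() != 0) {		/* chroot(2) is root-only */
		errno = EPERM;
		return -1;
	}
	/* Look the account up before chroot: /etc is unreachable afterwards. */
	if ((pw = getpwnam(user)) == NULL)
		return -1;
	if (chroot(pw->pw_dir) == -1 || chdir("/") == -1)
		return -1;
	/* Groups first: once the uid is dropped, the gid calls would fail. */
	if (setgroups(1, &pw->pw_gid) == -1 ||
	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1 ||
	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
		return -1;
	/* Confirm the drop is permanent: regaining uid 0 must now fail. */
	if (setuid(0) != -1)
		return -1;
	return 0;
}

int main(void)
{
	if (drop_privileges("www") == -1) {
		perror("drop_privileges");
		return 1;
	}
	return 0;
}
```

Run as an ordinary user, this stops at the first check with EPERM, which is the same condition behind the "need root privileges" message.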
