If I run Spyce as myself (instead of root), then I can't bind port 80. I
imagine you would suggest creating a spyce user and run as that user
(much as apache runs as user apache), but I haven't set that up just
yet. (If you have an even better suggestion on how to deal with this,
that might be useful.)
Anyway, back to the problem at hand. Running spyce as root, one of my
apps cannot acquire a read-lock when updating a CVS repository since you
have to be a member of the correct group to do so. (There are lots of
equivalent networking scenarios where a normal user might be qualified
to do something when root is not.) Inserting a setuid before invoking
cvs fixes the problem.
Now this approach might actually be the best long term solution since I
may eventually have to deal with CVS repositories managed by differing
groups. But assuming that does not not become a requirement, then it
occurred to me that it would be nice to be able to do some startup code
for my webapps after the server has initialized but before it handles
the first request. I didn't see a natural place to do that in the source
code, but I thought I would ask before taking a hack at it.
From: Jonathan Ellis [mailto:jonathan@...
Sent: Thursday, August 11, 2005 2:49 PM
To: Howard, Rock; Spyce Users
Subject: Re: [Spyce-users] Server Setup Question
On Thu, 11 Aug 2005 12:59:33 -0500, "Howard, Rock" <rock.howard@...>
> Now that I have my own machine (including root priviledges), I have=20
> gone ahead and set up the server to be launched by root so that it can
> commandeer port 80. That works fine, but several of my webapps are now
> stymied unless I do some setuid magic (which I have done by adding=20
> these calls to various .spy files.)
I don't follow -- if you're running as root (not necessarily the best
idea, but whatever) why are you further messing with setuid?