From: Howard, R. <roc...@am...> - 2005-08-11 21:26:29
|
If I run Spyce as myself (instead of root), then I can't bind port 80. I imagine you would suggest creating a spyce user and run as that user (much as apache runs as user apache), but I haven't set that up just yet. (If you have an even better suggestion on how to deal with this, that might be useful.) Anyway, back to the problem at hand. Running spyce as root, one of my apps cannot acquire a read-lock when updating a CVS repository since you have to be a member of the correct group to do so. (There are lots of equivalent networking scenarios where a normal user might be qualified to do something when root is not.) Inserting a setuid before invoking cvs fixes the problem. Now this approach might actually be the best long term solution since I may eventually have to deal with CVS repositories managed by differing groups. But assuming that does not not become a requirement, then it occurred to me that it would be nice to be able to do some startup code for my webapps after the server has initialized but before it handles the first request. I didn't see a natural place to do that in the source code, but I thought I would ask before taking a hack at it. Rock =20 -----Original Message----- From: Jonathan Ellis [mailto:jon...@ca...]=20 Sent: Thursday, August 11, 2005 2:49 PM To: Howard, Rock; Spyce Users Subject: Re: [Spyce-users] Server Setup Question On Thu, 11 Aug 2005 12:59:33 -0500, "Howard, Rock" <roc...@am...> said: > Now that I have my own machine (including root priviledges), I have=20 > gone ahead and set up the server to be launched by root so that it can > commandeer port 80. That works fine, but several of my webapps are now > stymied unless I do some setuid magic (which I have done by adding=20 > these calls to various .spy files.) I don't follow -- if you're running as root (not necessarily the best idea, but whatever) why are you further messing with setuid? -Jonathan |