[plt-scheme] anyone written a web-server app that drops privileges on Unix?
Why is this not a construct provided by the server library?
On Feb 16, 2010, at 6:07 PM, Jay McCarthy wrote:
> It is also very easy to use the ffi to call setuid. Call it after
> calling serve.
>
> Jay
>
> On Tue, Feb 16, 2010 at 3:36 PM, YC <yinso.chen at gmail.com> wrote:
>> A couple of possible ways that I know of -
>>
>> Use an apache mod_proxy as the frontend to web-server
>> Use iptables to redirect port 80 to another port (say 8080) -
>> http://www.groovygrails.de/blog/groovygrails/entry/non_root_tomcat_on_port
>>
>> HTH. Cheers,
>> yc
>>
>> On Tue, Feb 16, 2010 at 2:13 PM, Danny Yoo <dyoo at cs.wpi.edu> wrote:
>>>
>>> Hi everyone,
>>>
>>> I'm writing a small web servlet using the PLT Scheme web server
>>> libraries. The servlet needs to run on port 80, but on Unix
>>> systems,
>>> I need to be root to bind to port 80. I feel a little nervous
>>> when I
>>> have a long-running, network-accessible service, especially if it
>>> runs
>>> as the superuser. Does anyone have any suggestions on how to drop
>>> privileges here?
>>> _________________________________________________
>>> For list-related administrative tasks:
>>> http://list.cs.brown.edu/mailman/listinfo/plt-scheme
>>
>>
>> _________________________________________________
>> For list-related administrative tasks:
>> http://list.cs.brown.edu/mailman/listinfo/plt-scheme
>>
>>
>
>
>
> --
> Jay McCarthy <jay at cs.byu.edu>
> Assistant Professor / Brigham Young University
> http://teammccarthy.org/jay
>
> "The glory of God is Intelligence" - D&C 93
> _________________________________________________
> For list-related administrative tasks:
> http://list.cs.brown.edu/mailman/listinfo/plt-scheme
![[logo]](/logo.png){kind=logo}