[systemd-devel] Simple question.
Mantas Mikulėnas
grawity at gmail.com
Fri Jan 25 12:42:47 PST 2013
On Fri, Jan 25, 2013 at 7:16 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>
>
> Am 25.01.2013 18:14, schrieb Mantas Mikulėnas:
>> On Fri, Jan 25, 2013 at 6:50 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>>> Am 25.01.2013 17:42, schrieb Daniel J Walsh:
>>>> How would I write a unit file to run an apache service as the user dwalsh (3267)
>>> why would someone do this with systemd?
>>> httpd needs to get started as root to bind the port!
>>
>> Not if you give it the CAP_NET_BIND_SERVICE capability.
>> Also, there are many valid uses for Apache on ports above 1024
>
> and what does this change in the fact that httpd has
> it's own configuration options for user and group?
That some users may want to take advantage of modern Linux features
and run httpd without *ever* giving it full root privileges – which it
needs for precisely two things, bind() and setuid().
--
Mantas Mikulėnas
More information about the systemd-devel
mailing list