Forum

Drop privileges

Florian
4 December 2006, 15:59
Hallo,

Is Hiawatha able to drop privileges? Or to run as a user?

Greetings, Florian
Hugo Leisink
4 December 2006, 16:14
Yes. Use the ServerId option to do this. Look in the manpage for more information about this option. You can also start Hiawatha under a non-root uid. In that case, the ServerId option is ignored. Anyway, Hiawatha will never run as user root.
Javier Martínez
4 July 2007, 22:35
You can also start Hiawatha under a non-root uid.

But this means that hiawatha couldn't be get chrooted for example isn't it? Maybe you could limit the capacities granted before dropping privileges with the libcap facilitity (execcap binary) and grant for example only CAP_SETUID, CAP_SETGID, CAP_CHROOT and CAP_NET_BIND_SERVICE, probably it would be a proper solution rather than run the hiawatha daemon with UID not 0
Hugo Leisink
5 July 2007, 00:20
But this means that hiawatha couldn't be get chrooted for example isn't it?

Hiawatha can chroot before it drops root privileges. Use the ServerRoot option in httpd.conf to do this.
This topic has been closed.