[icecast] Different User
steve.smith at isay.com.au
Mon Apr 23 18:37:48 PDT 2001
"harvey" == harvey smith <harvey at buskers.org> writes:
> On Mon, 23 Apr 2001, Steve Smith wrote:
>> "harvey" == harvey smith <harvey at buskers.org> writes: > Hi All, Hey
>> there is no reason to run icecast as root. So the easy > thing is
>> just not run icecast as root. In fact why are you running > as root
>> to begin with??
>> If icecast is run from startup scripts on boot then it will almost
>> certainly be running as root.
> Then the start up scripts are in error, you could do a 'su' in the
> script. Wgere did you get the start-up scripts from?
Sorry, I was a bit quick off the bat there. Yes, a startup script
should do 'su' if the application doesn't need root. However, there
are times where you may need to run as root (if wish to listen on a
port < 1024, for instance. I don't know of anyone doing this, but
they may wish to.) If this is necessary, then icecast should drop the
privileges as soon as it has finished with them.
In my case, I need the root privileges as I want icecast to run in a
chroot jail. Once the jail is entered root privileges should be
dropped. This is tricky/not possible unless the application is aware
of it's privileges and can drop them. Entering a jail is also much
trickier when done external to the application. So I've patched
icecast to do all this for me, in a simple and configurable way.
Besides, I'm a believer in "secure by default", or at least "security
should be easy". Having the security settings in icecast and
available as an option on installation means that security is
available to the none-expert user.
Anyway, enough of the soapbox, I'll post the first version of the
patch to this list and -devel soon.
--- >8 ----
List archives: http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Icecast