[erlang-questions] Privileged ports and effective UID

Claes Wikstrom klacke@REDACTED
Tue Oct 28 19:10:40 CET 2008


Kevin wrote:
> 
> Hello, I can't find an answer to this anywhere.  In Erlang how does one deal with the problem of starting Erlang as root, binding to a privileged port, and then changing the effective user id to something other than root.
> 
> In a daemon process written in C or even Perl, a process is started by an init script, which is run as root, it then binds to port 25, 80, etc., and then it sets its effective UID and effective GID to something more harmless, like httpd/httpd.
> 
> I know you can start the whole thing like su httpd -c erl, but this doesn't allow for binding to a privileged port first.
> 
> And please don't tell me to use open_port() or write a linked in driver :-)


open_port will not work, this code has to execute in the same UNIX process.
I used to have support for this in Yaws, whereby Yaws started as root, bound
its ports and then changed uid.

This was good, however it led to major havoc with some other stuff, e.g.
ownership of logfiles etc, so I actually removed the feature.
The code is still there in yaws though - as a linked in driver. You can find
the driver (setuid_drv.c) in the yaws src.

It has to be a linked in driver, either that or change the emulator source.
There is no other way.

There are some tips at http://yaws.hyber.org/wiki/showPage.yaws?node=fdserver


/klacke



