[Twisted-Python] twistd --uid and --logfile
exarkun at twistedmatrix.com
exarkun at twistedmatrix.com
Wed Aug 18 10:01:52 MDT 2010
On 03:35 pm, p.mayers at imperial.ac.uk wrote:
>On 18/08/10 10:25, twisted-web at udmvt.ru wrote:
>>I think --uid option is too dangerous.
>>sudo or su or setuidgid (from http://cr.yp.to/daemontools.html) is
>>more
>>appropriate for changing uids.
>
>In all cases? I think not.
Making the directory world writeable is certainly insane and dangerous.
But in the case where the directory is only writeable by the user the
daemon is going to run as, and access to that user is restricted, I
don't see a problem.
>
>>It will always be hard to design application, that opens some files or
>>sockets and only then changes it's uids/gids.
>
>What about a daemon that needs to listen on ports <1024?
For this case, I would very strongly recommend authbind instead. And I
think this covers 99% of cases where you would otherwise need to start
up as root. For the remaining small number of cases, being able to
start as root and then shed privileges is definitely more convenient
than other approaches (although quite possibly inferior to them in all
other regards).
Jean-Paul
More information about the Twisted-Python
mailing list