>if you want to run something as a user, you have to first start it as root and then drop privileges
On what fucking planet is this more secure than just letting users start http servers? Why the fuck are Unix developers so fucking dumb? It's not 1970 anymore, no one uses fucking rsh. setuid is a fucking joke too, there were so many privilege escalation exploits in that heap of shit.
>>55221435
>i want to be able to run a program as any other user without having administrator privileges
>/g/, 2016
You could limit the user to only run the specific commands required to work with Apache, for instance.
It needs root for many things, namely the process probably binds to port 80 and ports under 1000 or something by default require root.
Also, much more priv esc shit in Windows.
>>55221435
> Running httpd
> Not running httpd in a jail
Text quality bait...
>>55221435
typically apache will run as its own user, if you're not launching it as that user, you will need to run it as root so it has permission to switch to that user
>>55221464
>>55221517
oh, and >>55221482
ports 1-1024 are privileged, normal users generally can't listen from them
>>55221435
>lets just let anyone start a service that has access to both the network and the file system!
>>55221616
that much is typically allowed, as long as you use a port >1024
>>55221636
How do you set it up so that it keeps running when your session ends?
>>55221491
>needing a jail when you should be able to just run it as a fucking user that has no permissions
>>55221464
>>55221616
>programs that shouldn't need admin privileges need it because it wants to bind on a fucking port that's not over 1000
Oh no, some user is going to crash my fucking web server and start serving his own shit on that port. Oh wait, that server doesn't even host a web server. This restriction is fucking useless.
>>55221435
>Wahh! Why can't I used privileged ports as a normal user?!
>>55221650
tmux
>>55221655
Why are you quoting my post? I said nothing about ports.
>>55221664
But that is run as root, with setuid, isn't it?
>>55221671
>>lets just let anyone start a service that has access to both the network and the file system!
This one? Because I can do literally all of that if I use port 8080 or whatever the fuck as a normal user. It's literally only about ports.
>>55221792
This one: >>55221464
and it's a response to
>if you want to run something as a user, you have to first start it as root and then drop privileges
Notice how neither mention anything about ports.
setcap 'cap_net_bind_service=+ep' /path/to/program
There now your program can bind to ports below 1024 without having to run as root.
>>55221852
Don't you have to run that as root?
>>55221801
ok.
>>i want to be able to run a program as any other user without having administrator privileges
What the fuck does this mean? I'm literally trying to start the httpd as the logged in user. There's nothing about switching users. The only thing that's stopping me is the port restriction.
>>55221650
nohup
>>55221861
Obviously.
>>55221907
Should have mentioned which user.
>>55221918
I guess it's not clear from the screenshot. The error was for port 80 as a normalfag user.
>>55221909
Yeah, seems it's as easy as overriding SIGHUP. Thanks.
Run it on another port, then, and run something likeiptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 8080
Tada the problem is solved
