Drop privileges if started as root #7

Open
glaslos opened this issue Jul 26, 2016 · 10 comments

@glaslos
Member

glaslos commented Jul 26, 2016

If Glutton is started as root, we should drop privileges to the nobody user.

@HashCode55
Contributor

Hi Lukas, I wrote this small snippet to drop the privileges -

	uid := syscall.Getuid()
	if uid == 0 {
		// process is running as root
		logger.Info("[glutton ] The server is running as root. Dropping privileges to nobody...")
		// drop the group privileges to nobody user
		if err := syscall.Setgid(65534); err != nil {
			logger.Fatal("Could not set group privileges. ", err)
		} else {
			logger.Info("[glutton ] Group privileges dropped.")
		}
		// drop the user privileges
		if err := syscall.Setuid(65534); err != nil {
			logger.Fatal("Could not set user privileges. ", err)
		} else {
			logger.Info("[glutton ] User privileges dropped.")
		}
	}

But unfortunately, the implementation of Getuid is not at all reliable for multithreaded code. I compiled the code and tested it in my environment, and it always fails with operation not supported.

Refs -
http://stackoverflow.com/questions/41248866/golang-dropping-privileges-v1-7
There is a ticket in the golang codebase too -
golang/go#1435

@glaslos
Member Author

glaslos commented Mar 16, 2017

Well, tell me, why do we have to run Glutton as root?

@HashCode55
Contributor

@glaslos I don't know if I'm right or not, but what I thought was that we don't have to run the glutton server as root. I'm sorry if I'm wrong about it.

@glaslos
Member Author

glaslos commented Mar 16, 2017

Try to figure out why we need to run as root...

@HashCode55
Contributor

I need root privileges to bind to port numbers under 1024.

@glaslos
Member Author

glaslos commented Mar 16, 2017

Where do we need root privileges?

@HashCode55
Contributor

HashCode55 commented Mar 17, 2017

When we are initializing the ssh proxy, specifically, when we are trying to bind the docker proxy to the ssh port. And that means I cannot drop the privileges in the beginning. I'll have to drop it after binding the port. Also that log.Fatal call was catastrophic in that case. Am I right?

@glaslos
Member Author

glaslos commented Mar 19, 2017

Forget about docker. Think about how we get the packages in the first place.

@glaslos
Member Author

glaslos commented Nov 23, 2017

@HashCode55 are you still looking into this?

@t3chn0m4g3
Contributor

Have you figured out how to run w/o root privileges?

Even when manually adding capabilities to the server via setcap, I am not able to run the server w/o root privileges.
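
The sequence discussed in this thread (bind the privileged port as root, then drop to nobody), as an added example that is not Glutton's code or any participant's; it also clears supplementary groups and confirms that root cannot be regained. The `ids` wrapper and `dropPrivileges` are hypothetical names, and the code assumes Linux with Go 1.16 or later, where `syscall.Setgid` and `syscall.Setuid` apply to every thread instead of returning "operation not supported".

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"net"
	"syscall"
)

// ids wraps the identity syscalls so the sequence can be exercised with fakes.
type ids struct {
	geteuid        func() int
	setgroups      func([]int) error
	setgid, setuid func(int) error
}

// dropPrivileges switches a root process to uid/gid. Supplementary groups and
// the GID are changed first, because both calls need root to succeed.
func dropPrivileges(s ids, uid, gid int) error {
	if s.geteuid() != 0 {
		return nil // not root: nothing to drop
	}
	if err := s.setgroups([]int{gid}); err != nil {
		return fmt.Errorf("setgroups: %w", err)
	}
	if err := s.setgid(gid); err != nil {
		return fmt.Errorf("setgid: %w", err)
	}
	if err := s.setuid(uid); err != nil {
		return fmt.Errorf("setuid: %w", err)
	}
	// The drop must be irreversible: an attempt to regain root has to fail.
	if s.setuid(0) == nil || s.geteuid() == 0 {
		return errors.New("root can still be regained after the drop")
	}
	return nil
}

func main() {
	ln, err := net.Listen("tcp", ":22") // bind while still root; port is illustrative
	if err == nil {
		sys := ids{syscall.Geteuid, syscall.Setgroups, syscall.Setgid, syscall.Setuid}
		err = dropPrivileges(sys, 65534, 65534) // 65534: nobody, as in the snippet
	}
	if err != nil {
		log.Fatal("startup failed: ", err)
	}
	log.Println("listening on", ln.Addr(), "as uid", syscall.Getuid())
}
```

Treating a failed drop as fatal is deliberate here: continuing to serve traffic as root after a failed `setuid` is the outcome the issue wants to avoid.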
