| Summary: | www/caddy: caddy always runs as root | | |
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Jonas Rinner <wolfi> |
| Component: | Individual Port(s) | Assignee: | freebsd-ports-bugs (Nobody) <ports-bugs> |
| Status: | Closed FIXED | | |
| Severity: | Affects Many People | CC: | daniel.tihanyi |
| Priority: | --- | Flags: | bugzilla: maintainer-feedback? (daniel.tihanyi) |
| Version: | Latest | | |
| Hardware: | Any | | |
| OS: | Any | | |

Description
Jonas Rinner
2021-03-21 14:33:00 UTC
Hi, yes, Caddy runs as root. There is another issue open to update Caddy to 2.3.0; would you maybe be able to provide a patch there? https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254436 Thanks!

Hi and thanks, I did already see that bug; but just now I realized (well, discovered with help) that a webserver should bind to its privileged ports (80, 443) first and then drop privileges. So this is really an upstream bug that should be reported to caddy. I will go on and report it there.

Update: I've looked into it further and it looks like they gave up on the idea: https://github.com/caddyserver/caddy/issues/528

However it should still be possible for us to run it through daemon; the user will be root by default, and if the admin decides that he doesn't want that, they can use mac_portacl to allow it to bind to a privileged port or just use a reverse-proxy in front of it.

I can try providing a patch at bug #254436, but I don't think I can do an svn patch; I'm not familiar enough with that setup. I could provide a git patch if that's an option.

Fixed by ports r569408
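
The bind-first, then-drop-privileges pattern mentioned in the discussion above, sketched in C as an added example; it is not code from this bug report, the port, or Caddy. The function names `bind_listener` and `drop_privileges` and the uid/gid 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE              /* exposes setgroups() on glibc; harmless on FreeBSD */
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind and listen on a TCP port (80/443 normally require root). Returns fd or -1. */
int bind_listener(unsigned short port)
{
    struct sockaddr_in addr = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 || listen(fd, 128) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently switch to uid/gid. Returns 0 when dropped, 1 when the process
 * is not root (nothing to drop), -1 on failure (caller must exit, not go on). */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return 1;
    if (uid == 0 || gid == 0)
        return -1;                   /* refuse to "drop" to root */
    /* Order matters: supplementary groups and gid go first, because after
     * setuid() the process may no longer change them. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is irreversible: regaining root must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0 || getuid() != uid || getgid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    int fd = bind_listener(80);      /* privileged port, bound before the drop */
    if (fd < 0 || drop_privileges(65534, 65534) < 0) {  /* constructed uid/gid */
        perror("startup");
        return 1;
    }
    printf("listening on fd %d as uid %d\n", fd, (int)getuid());
    close(fd);
    return 0;
}
```

The listening socket stays usable after the drop because the privilege check happens at `bind()` time, not when connections are accepted.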