Date: Thu, 09 Apr 2015 09:05:19 -0500 From: Mark Felder <feld@FreeBSD.org> To: freebsd-ports@freebsd.org Subject: Re: is it safe to run net/haproxy as root? Message-ID: <1428588319.1982383.251264557.2FD824BC@webmail.messagingengine.com> In-Reply-To: <f833db9e029a6efa808e5b00106f1d06@mailbox.ijs.si> References: <20150409114426.0081485b@efreet> <f833db9e029a6efa808e5b00106f1d06@mailbox.ijs.si>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Apr 9, 2015, at 08:26, Mark Martinec wrote: > > Perhaps the haproxy port maintainer can be persuaded to assign > some account entry for this purpose. > This wouldn't be a perfect solution. If you're going to be proxying port 80 and 443 you need to initially run as root, but perhaps by default in the config file we could drop privs to the haproxy user? Sounds like we need some better documentation on best practices, too.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1428588319.1982383.251264557.2FD824BC>