Date: Sun, 21 Mar 2021 14:33:00 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 254463] www/caddy: caddy always runs as root Message-ID: <bug-254463-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D254463 Bug ID: 254463 Summary: www/caddy: caddy always runs as root Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: wolfi@karpador.xyz CC: daniel.tihanyi@tetragir.com Flags: maintainer-feedback?(daniel.tihanyi@tetragir.com) CC: daniel.tihanyi@tetragir.com While setting up caddy, I noticed that it always runs as root; I think that= is not appropriate for a webserver. There is no rc value or anything provided = that would allow you to make it drop privileges. I'm assuming this is because while caddy does provide a daemon mode where it forks to the background, it does not actually have a flag that makes it drop privileges like other webservers do. As far as I can tell, this would best be solved by running `caddy run` wrap= ped in a `daemon` instead of directly using the `caddy start` daemon mode. That= way a `caddy_user` option can be added to make it run as www instead of root (w= hich should also be the default). I could contribute this fix if it's deemed appropriate, but I'm not familiar with svn, so I would probably have to wait for the git transition of the po= rts. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-254463-7788>