is it safe to run net/haproxy as root?
Mark Martinec
Mark.Martinec+freebsd at ijs.si
Thu Apr 9 13:26:40 UTC 2015
Marko Cupać wrote:
> I am setting up haproxy for the first time, and of course my first OS
> choice is FreeBSD.
>
> Most services I am familiar with use their own service accounts which
> are created when port is installed (squid, ejabberd, mysql, clamav,
> vscan etc.). But haproxy does not create account, and there is no
> pkg-message, or any other reference which suggests I should create
> separate account, and also whether it needs shell, homedir etc. On the
> other hand, most web 'works for me' howtos mention running it under
> separate account.
>
> So, my question is the one from this mail's subject:
> Is it safe to run haproxy under root account? If not, what is the best
> practice regarding its user account's shell and homedir? Is there a
> recommendation for UID/GID?
It might be safe, but there is no compelling reason to run it as root,
and a common sense advises against it. Even if it needs to bind
to a low port number, haproxy is capable of dropping privilege after
binding to a socket, and continues running under some other uid/gid,
e.g.:
/usr/local/etc/haproxy.conf
global
daemon
user www
group www
[...]
Apparently there isn't any standard FreeBSD uid assigned for
this purpose. Either make up one, or it may be good enough
to re-use one of the existing ones, perhaps the www account.
Perhaps the haproxy port maintainer can be persuaded to assign
some account entry for this purpose.
Mark
More information about the freebsd-ports
mailing list