httpd: need root privileges


httpd: need root privileges

Alfred Morgan
I tried starting a temporary httpd server on port 8080 as a user to serve
some files and I found this error:
httpd: need root privileges

I would think there would be value in letting httpd be run by standard
users.
--
-alfred

Re: httpd: need root privileges

Ingo Schwarze
Hi Alfred,

Alfred Morgan wrote on Tue, Mar 19, 2019 at 08:05:33AM -0500:

> I tried starting a temporary httpd server on port 8080
> as a user to serve some files and I found this error:
> httpd: need root privileges
>
> I would think there would be value in letting httpd be run
> by standard users.

For security reasons, you absolutely do *not* want that.

You do not want to run a network daemon as your normal login user.
If the network daemon contained a bug, remote attackers might
read or modify the private files of your local user.

You really want the network daemon to run as a *dedicated* user
which doesn't have access to resources it doesn't need.  On OpenBSD,
that low-privileged user is called "www":

   $ ps -Ao user,command | grep [h]ttpd
  www      httpd: server (httpd)
  root     /usr/sbin/httpd
  www      httpd: server (httpd)
  www      httpd: logger (httpd)
  www      httpd: server (httpd)

This is *privilege separation*.  In particular, you want the "logger"
process and the "server" processes chroot(2)ed and setresuid(2)ed to
www, see proc.c, proc_run(), all of which requires root privileges
to set up.

Starting up a network daemon without root privileges would be
inherently insecure.

Yours,
  Ingo


Re: httpd: need root privileges

Flipchan
In reply to this post by Alfred Morgan
Listen to Ingo's advice, just put the stuff in a dir in /var/www/

On March 19, 2019 2:05:33 PM GMT+01:00, Alfred Morgan <[hidden email]> wrote:
>I tried starting a temporary httpd server on port 8080 as a user to
>serve
>some files and I found this error:
>httpd: need root privileges
>
>I would think there would be value in letting httpd be run by standard
>users.
>--
>-alfred

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: httpd: need root privileges

worik
In reply to this post by Ingo Schwarze
On 20/03/19 3:01 AM, Ingo Schwarze wrote:

> Hi Alfred,
>
> Alfred Morgan wrote on Tue, Mar 19, 2019 at 08:05:33AM -0500:
>
>> I tried starting a temporary httpd server on port 8080
>> as a user to serve some files and I found this error:
>> httpd: need root privileges
>>
>> I would think there would be value in letting httpd be run
>> by standard users.
> For security reasons, you absolutely do *not* want that.
>
> You do not want to run a network daemon as your normal login user.
> If the network daemon contained a bug, remote attackers might
> read or modify the private files of your local user.
>
> You really want the network daemon to run as a *dedicated* user
> which doesn't have access to resources it doesn't need.  On OpenBSD,
> that low-privileged user is called "www":
>
>    $ ps -Ao user,command | grep [h]ttpd
>   www      httpd: server (httpd)
>   root     /usr/sbin/httpd
>   www      httpd: server (httpd)
>   www      httpd: logger (httpd)
>   www      httpd: server (httpd)
>
> This is *privilege separation*.  In particular, you want the "logger"
> process and the "server" processes chroot(2)ed and setresuid(2)ed to
> www, see proc.c, proc_run(), all of which requires root privileges
> to set up.
>
> Starting up a network daemon without root privileges would be
> inherently insecure.


Yes.

But is the error message:

httpd: need root privileges

Accurate?

--
    If not me then who?  If not now then when?  If not here then where?
              So, here I stand, I can do no other
    [hidden email] 021-1680650, (03) 4821804 Aotearoa (New Zealand)


Re: httpd: need root privileges

Otto Moerbeek
On Wed, Mar 20, 2019 at 08:38:18PM +1300, worik wrote:

> On 20/03/19 3:01 AM, Ingo Schwarze wrote:
> > Hi Alfred,
> >
> > Alfred Morgan wrote on Tue, Mar 19, 2019 at 08:05:33AM -0500:
> >
> >> I tried starting a temporary httpd server on port 8080
> >> as a user to serve some files and I found this error:
> >> httpd: need root privileges
> >>
> >> I would think there would be value in letting httpd be run
> >> by standard users.
> > For security reasons, you absolutely do *not* want that.
> >
> > You do not want to run a network daemon as your normal login user.
> > If the network daemon contained a bug, remote attackers might
> > read or modify the private files of your local user.
> >
> > You really want the network daemon to run as a *dedicated* user
> > which doesn't have access to resources it doesn't need.  On OpenBSD,
> > that low-privileged user is called "www":
> >
> >    $ ps -Ao user,command | grep [h]ttpd
> >   www      httpd: server (httpd)
> >   root     /usr/sbin/httpd
> >   www      httpd: server (httpd)
> >   www      httpd: logger (httpd)
> >   www      httpd: server (httpd)
> >
> > This is *privilege separation*.  In particular, you want the "logger"
> > process and the "server" processes chroot(2)ed and setresuid(2)ed to
> > www, see proc.c, proc_run(), all of which requires root privileges
> > to set up.
> >
> > Starting up a network daemon without root privileges would be
> > inherently insecure.
>
>
> Yes.
>
> But is the error message:
>
> httpd: need root privileges
>
> Accurate?
>
> --
>     If not me then who?  If not now then when?  If not here then where?
>               So, here I stand, I can do no other
>     [hidden email] 021-1680650, (03) 4821804 Aotearoa (New Zealand)
>

Yes, because the code needs to do chroot, which is root-only for good
reasons.

        -Otto


Re: httpd: need root privileges

Marc Espie-2
In reply to this post by worik
On Wed, Mar 20, 2019 at 08:38:18PM +1300, worik wrote:

> Yes.
>
> But is the error message:
>
> httpd: need root privileges
>
> Accurate?

This is the paradox of modern secure code.

You need to start stuff as root because you want to do stuff in startup
code that you can only do as root, namely:
- chroots
- dropping privileges to dedicated users.

Yep, it's counter-intuitive, but most modern standard Unix secure code
is *more secure* when started as root.
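
The startup sequence that Ingo Schwarze's and Marc Espie's posts describe, as an added C example that is not part of the thread and is not httpd's proc.c: `privdrop()` and its return codes are hypothetical names, while the user `www` and the directory `/var/www` are the ones mentioned in the posts above.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* glibc hides setresuid(2)/setresgid(2) without it */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Redeclared so the block builds even if unistd.h was included earlier. */
int setresgid(gid_t, gid_t, gid_t);
int setresuid(uid_t, uid_t, uid_t);

enum { PRIV_OK = 0, PRIV_NEED_ROOT, PRIV_NO_USER, PRIV_FAILED };

/* Confine the calling process to `dir` and switch it to `user` for good.
 * Hypothetical helper; it uses the calls named in the thread. */
int privdrop(const char *user, const char *dir)
{
	struct passwd *pw;

	if (geteuid() != 0)                 /* chroot(2) is root-only */
		return PRIV_NEED_ROOT;
	if ((pw = getpwnam(user)) == NULL)  /* look up before /etc is out of reach */
		return PRIV_NO_USER;
	if (chroot(dir) == -1 || chdir("/") == -1)
		return PRIV_FAILED;
	/* Groups first: once the uid is dropped these calls would fail. */
	if (setgroups(1, &pw->pw_gid) == -1 ||
	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1 ||
	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
		return PRIV_FAILED;
	/* Real, effective and saved ids are all set, so root must be unreachable. */
	if (pw->pw_uid != 0 && setuid(0) != -1)
		return PRIV_FAILED;
	return PRIV_OK;
}

int main(void)
{
	int r = privdrop("www", "/var/www");   /* user and directory from the thread */
	if (r == PRIV_NEED_ROOT)
		fprintf(stderr, "need root privileges\n");
	else if (r != PRIV_OK)
		fprintf(stderr, "privilege drop failed (%d)\n", r);
	return r;
}
```

Run as an ordinary user, it stops at the first check and prints the same message Alfred saw; every later step depends on a call that only root may make.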