pypxe / PyPXE

Pure Python PXE (DHCP-(Proxy)/TFTP/HTTP/NBD) Server
MIT License

Making it optional to drop privilege #149

Open Apachez- opened 7 years ago

Apachez- commented 7 years ago

It's usually considered bad practice to be forced to run an application as root.

On *nix this is, however, mandatory if you want to be able to listen on sockets with port number 1023 or below (as with the tftp server, which listens at port 69, but also the http server, which goes for port 80, etc.) - at least when your software starts.

The reason to drop privilege is that if the code borks, the software is not left running with root permissions but as some other user of your choice (in PyPXE's case perhaps "tftp" as user or whatever you like), which won't automagically have full system access.

Making it optional to drop privilege (along with a config value for which user one wants PyPXE to drop into) would also "fix" any issues with operating systems where this isn't possible when using Python (that is, the drop privilege shouldn't be mandatory).

psychomario commented 7 years ago

Previously discussed in #108. I just did a quick test, and if you really need to do this then you can setcap python in a virtualenv to achieve the same results.
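
The bind-then-drop pattern requested in the opening comment, as an added example that is not part of the thread and not PyPXE's code. The function names, the injectable `os_mod`/`pwd_mod` parameters, and the sample port and user are assumptions made for illustration.

```python
import os
import pwd
import socket


def drop_privileges(user, os_mod=os, pwd_mod=pwd):
    """Switch from root to `user`; return the list of steps performed.

    user=None keeps the drop optional, as the issue asks. os_mod/pwd_mod are
    injectable (an assumption of this example) so call order can be checked.
    """
    if user is None or os_mod.geteuid() != 0:
        return []                      # disabled, or nothing to drop
    entry = pwd_mod.getpwnam(user)     # KeyError if the account is missing
    if entry.pw_uid == 0:
        raise ValueError("refusing to 'drop' to a uid 0 account")
    # Order matters: groups and gid must change while we are still root,
    # because after setuid() the process may no longer alter them.
    os_mod.setgroups([])               # shed root's supplementary groups
    os_mod.setgid(entry.pw_gid)
    os_mod.setuid(entry.pw_uid)        # as root: real, effective and saved uid
    # Verify the drop is irreversible; a silent failure here would leave a
    # network-facing daemon running as root.
    try:
        os_mod.setuid(0)
    except OSError:
        return ["setgroups", "setgid", "setuid"]
    raise RuntimeError("privilege drop failed: root could be regained")


def bind_then_drop(host, port, user, sock_type=socket.SOCK_DGRAM):
    """Bind a (possibly privileged) port first, then drop to `user`."""
    sock = socket.socket(socket.AF_INET, sock_type)
    try:
        sock.bind((host, port))        # ports below 1024 need root here
        drop_privileges(user)
    except Exception:
        sock.close()
        raise
    return sock                        # stays usable after the drop


if __name__ == "__main__":
    # Port 6969 and user "nobody" are sample values, not PyPXE settings.
    s = bind_then_drop("127.0.0.1", 6969, "nobody")
    print("bound", s.getsockname(), "running as uid", os.geteuid())
    s.close()
```

All listening sockets have to be bound before the drop, since the process cannot open another privileged port afterwards.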