Re: selinux question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Aug 21, 2018, at 1:27 PM, Nataraj <incoming-centos@xxxxxxx> wrote:
> 
> I have a web application which uses sudo to invoke python scripts as the
> user under which the application runs (NO root access).

Why is the web app not running with that user’s permissions in the first place?

If your answer is that it needs root access to bind to port 80, there are two common solutions:

1. Start the service as root, set up the port 80 listener, then drop privileges internally with getpwent(“myuser”) and setuid(my_uid).

2. Use an HTTP[S] proxy server, such as Apache with mod_proxy configured.  Bind the actual web app to localhost and a high-numbered random port, then forward external port 80 hits to the internal service.  This method has the additional advantage that you can use the path part of the URL to relieves the web app of having to serve hits for the static resources — *.js, *.png, *.css… — which can speed the application up.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux