Re: How Do I Run a Java App with Superuser Privileges?
- Subject: Re: How Do I Run a Java App with Superuser Privileges?
- From: "William C. McCain" <email@hidden>
- Date: Tue, 14 Dec 2004 00:50:45 -0800
Hey -- I *DID* say my reasons were not particularly persuasive, didn't I?
But do try to understand my app in its context. It's a CD changer
automation program for audiophiles. It's strictly targeted to home
users, not businesses. Sure Mac OS X is a multi-user OS, but hardly
anybody ever uses it that way in a home environment. (Not often in a
business "desktop" environment either, except at Kinko's and kiosks.)
I don't expect users to run my app on a Mac OS server, since few home
users have them, but in practice a long-running, unattended app like
mine has more the flavor of a "system app" than a "user app". If there
were a way to install it as such, I would.
I truly did not and do not expect that my users will want to run another
"personal Web server" on the same machine. So far, only one of my users
of the Windoze version has had a conflict on port 80 -- and it turned
out that the other app wasn't really a Web server, it was ANOTHER
audio/video application that also was binding to port 80, for roughly
the same reasons that my app does! But the user wasn't using the
service that app provided on port 80, and it was easy to "turn it off".
I *DO* expect that eventually I will get around to making my HTTP port
configurable. I'm just "putting it off". (My app also uses another IP
port for a proprietary, non-HTTP protocol, and I made that port number
configurable in the private port number range long ago.)
Bill
Paul Forgey wrote:
See MHO answered point by point below:
William C. McCain wrote:
1. Apple lets users run Apache on their Macs, though few non-geek
end-users do so. So why not my app, too?
At risk of misunderstanding your point and going into facts you probably
already know, it's a _system wide_ app running as root (initially,
before dropping to the apache user), and the only process which may bind
to port 80 while it is running. The per-user stuff you see is part of
the apache configuration, and not the result of any daemon listening on
port 80 running directly because of that user. Are you requiring users
not run any other web server if they run your server?
2. My app has been available for some time on the dominant
monopolist's OS, and it runs fine there without any privileges (even
on XP SP2).
Yeah. Winsuck lets non-privileged users do a lot of horrible things.
Because Microsoft lets you do it doesn't mean it's a good idea. You
should see the resulting ms-specific twists on SO_REUSEADDR and related
bizarre behaviors which have been needed to hack around this in a way
that still lets most applications work while reducing the risk of
allowing this. But all that's for another list.
On multi-user systems, privileged ports are privileged for a reason,
unless you are Windows where any joe user who can log in can subvert the
web server, or any other server, for their own purposes. Windows is
not, nor ever will be, a system where unprivileged interactive access
may be allowed without significant compromise to security. While this
is more or less true for any system, it is especially true for Windows.
3. If I change the port number, I'll have to make it configurable,
which is a real PITA (not that I'm lazy, mind you). Of course, if one
of my users ever DOES want to run both Apache and my app on the same
machine, at least ONE of us will have to be re-configured ...
Or you could let Apache still run.
Why not use Rendezvous? Pick a port automatically and advertise it. If
your app also runs on Windows, you may want to look into Howl which
gives you the same interface on both Windows and Mac-OS. The best way
to listen on a free port is to bind to port 0 and then use getsockname
after the socket is bound to find out which port the kernel atomically
found free and bound the socket to listen on. This doesn't work on all
platforms (it isn't part of the original BSD sockets behavior), but it
does work at least on Linux, Mac-OS and even Windows.
For users that don't want to use Rendezvous or would like to set up
firewall rules, make the listening port an application preference. It
may be a pain to do, but so is writing software.
4. It's actually rather convenient for my built-in Web server to be
"standard", as it has other uses besides the master/remote interface.
For instance, users (and I) can check my product's "log files" from
their Web browsers on the remote machines. (Yes, I know you can
specify a non-standard port in a URL, but I said this was a
"convenience" issue.)
If you use Rendezvous, Safari will list your service automatically in
the bookmarks menu.
You need to find a much better reason to bind to port 80 than to save
users' typing. Are you really the only web server on the machine?
Unless you have convinced IANA that you deserve to be a known port, you
will need to do a combination of automatically finding your own dynamic
port to bind to and letting the user set it.
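
The approach from the quoted reply (bind to port 0, then read the kernel-chosen port back with getsockname, combined with a user-set preference port), sketched in C with BSD sockets. This is an added example, not code from the thread or from the application under discussion; `listen_on` and its parameters are hypothetical names.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP listener without needing superuser privileges.
 * preferred is the user's configured port; 0 means "let the kernel pick".
 * If the preferred port cannot be bound (already in use, or a privileged
 * port and we are not root), fall back to port 0.
 * Returns the listening fd, or -1 on failure. The port that was actually
 * bound is stored in *bound_port so it can be shown or advertised. */
int listen_on(unsigned short preferred, unsigned short *bound_port)
{
    unsigned short candidates[2] = { preferred, 0 };

    for (int i = 0; i < 2; i++) {
        int fd = socket(AF_INET, SOCK_STREAM, 0);
        if (fd < 0)
            return -1;

        struct sockaddr_in addr;
        memset(&addr, 0, sizeof addr);
        addr.sin_family = AF_INET;
        addr.sin_addr.s_addr = htonl(INADDR_ANY);
        addr.sin_port = htons(candidates[i]);

        /* getsockname reports the real port, which matters for port 0. */
        socklen_t len = sizeof addr;
        if (bind(fd, (struct sockaddr *)&addr, sizeof addr) == 0 &&
            listen(fd, 16) == 0 &&
            getsockname(fd, (struct sockaddr *)&addr, &len) == 0) {
            *bound_port = ntohs(addr.sin_port);
            return fd;
        }
        close(fd); /* this candidate failed; try the next one */
    }
    return -1;
}

int main(void)
{
    unsigned short port;
    int fd = listen_on(0, &port);
    if (fd < 0) { perror("listen_on"); return 1; }
    printf("listening on port %u\n", port);
    close(fd);
    return 0;
}
```

The port returned in `bound_port` is the value to advertise through service discovery or show in the application's preferences.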