index.md (1712B)
1 Do not require root privileges 2 ============================== 3 4 Description 5 ----------- 6 This patch removes the necessity and ability to run quark as root. quark 7 will neither chroot(2) into the serving directory nor change the UID, 8 GID or ownership of the UNIX-domain socket file. It will only serve 9 files under its current working directory; absolute paths and ".." are 10 normalized into relative ones to the current working directory or 11 vhost ones. 12 13 Process related functions, like 'setpgrp(2)' and 'setrlimit(2)', are also 14 removed because your system already has better tools to manage process 15 credentials and capabilities. For example, to bind quark on tcp port 16 80, you can set ambient capability `CAP_NET_BIND_SERVICE` from root, 17 cd into www-root, setuid into unpriviliged user and exec into quark. 18 19 quark already normalizes URL paths for ".." directories, thus internal 20 path that is passed to filesystem-operating functions can safely be 21 constructed with "./" or vhost prefix. 22 23 The only way to leave the working directory is through symbolic links, 24 but quark doesn't create any new files, so it's safe. Besides, symbolic 25 links are usefull for pointing to the files outside of www-root without 26 a need to bind-mount other directories, hardlinks or copy all the 27 files. chroot(2) limits you from doing all that, besides creating more 28 problems from changing process root directory. 29 30 This patch has not been tested with a UNIX-domain socket file. 31 32 Download 33 -------- 34 * [quark-noroot-20191003-3c7049e.diff](quark-noroot-20191003-3c7049e.diff) 35 * [quark-noroot-20260211-5ad0df9.diff](quark-noroot-20260211-5ad0df9.diff) 36 37 Author 38 ------ 39 * Richard Ulmer <codesoap AT mailbox DOT org> 40 * Rogo <goryachev.romochka@gmail.com>