trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan M. Carroll" <...@network-geographics.com>
Subject Re: Unable to bind socket: 80 : Permission denied
Date Tue, 09 Apr 2013 18:20:19 GMT
Expected, using libcap is more secure but not more powerful. Essentially it enables the traffic_manager
and traffic_server processes to completely drop root access and still work. Without it they
retain the ability to restore super user status because otherwise they cannot perform restricted
operations (such as bind to a reserved port).

The only thing I can suggest at this point is to enable "lm" debug tags - those might provide
some further insight. When a reserved port is bound without libcap (which is normally done
in the traffic_manager process) it has to reset the euid to 0 and possibly that is failing
because of VZ. 


Mime
View raw message