[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

Can't start webrick as the root user

Pra Bhandar

5/23/2009 2:29:00 PM

Hi,

I am trying to start Webrick as root user and get TCP Bind error even
though the port appears to be not taken. Running the same script as a
non-root user that owns the ruby installs works just fine.

1) Running dvdelta_start.sh runs just fine as a non root user
2) Running the same script gives me TCP Bind error
su - dvdelta -c "/opt/apps/datavail/current-delta/dvdelta_start.sh
start" 2>&1 >>/tmp/dvdelta.log

I'd appreciate any pointers to help debug this issue.

Thanks.

Prakash
+++++++++++++++++++++++++++++++++++


The log file shows the following -

[2009-05-22 04:46:37] INFO WEBrick 1.3.1
[2009-05-22 04:46:37] INFO ruby 1.8.7 (2009-04-08) [x86_64-linux]
[2009-05-22 04t:46:47] WARN TCPServer Error: Address already in use -
bind(2)
[2009-05-22 04:46:47] INFO WEBrick::HTTPServer#start: pid=30733
port=8192



login as: root

++++++++++++++++++++++++++++++++++++++++++++++++++
class JobServer

def initialize(jobRepository, port)
@repos = jobRepository
@port = port
end

def run
@server = HTTPServer.new( :Port => @port )
@server.mount("/styles.css", CssServlet)
@server.mount("/jobs", ListJobsServlet, @repos)
@server.mount("/deploy", DeployJobServlet, @repos)
@server.mount("/", IndexServlet)
trap("INT"){ @server.shutdown }
@server.start
end

end
/
++++++++++++++++++++++++++++++++++++++++++++++++++++
Calling the server start...

server = JobServer.new(jobRepository, 8192)
server.run

++++++++++++++++++++++++++++++++++++++++++++++++++++
The log file shows the following -

[2009-05-22 04:46:37] INFO WEBrick 1.3.1
[2009-05-22 04:46:37] INFO ruby 1.8.7 (2009-04-08) [x86_64-linux]
[2009-05-22 04:46:47] WARN TCPServer Error: Address already in use -
bind(2)
[2009-05-22 04:46:47] INFO WEBrick::HTTPServer#start: pid=30733
port=8192
--
Posted via http://www.ruby-....
5 Answers

pharrington

5/23/2009 3:26:00 PM

0

On May 23, 10:28 am, Pra Bhandar <pbhandari2...@gmail.com> wrote:
> Hi,
>
> I am trying to start Webrick as root user and get TCP Bind error even
> though the port appears to be not taken.  Running the same script as a
> non-root user that owns the ruby installs works just fine.
>
> 1) Running dvdelta_start.sh runs just fine as a non root user
> 2) Running the same script gives me TCP Bind error
>  su - dvdelta -c "/opt/apps/datavail/current-delta/dvdelta_start.sh
> start" 2>&1 >>/tmp/dvdelta.log
>
> I'd appreciate any pointers to help debug this issue.
>
> Thanks.
>
> Prakash
> +++++++++++++++++++++++++++++++++++
>
> The log file shows the following -
>
> [2009-05-22 04:46:37] INFO  WEBrick 1.3.1
> [2009-05-22 04:46:37] INFO  ruby 1.8.7 (2009-04-08) [x86_64-linux]
> [2009-05-22 04t:46:47] WARN  TCPServer Error: Address already in use -
> bind(2)
> [2009-05-22 04:46:47] INFO  WEBrick::HTTPServer#start: pid=30733
> port=8192
>
> login as: root
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++
> class JobServer
>
>    def initialize(jobRepository, port)
>      @repos = jobRepository
>      @port = port
>    end
>
>    def run
>     @server = HTTPServer.new( :Port => @port )
>     @server.mount("/styles.css", CssServlet)
>     @server.mount("/jobs", ListJobsServlet, @repos)
>     @server.mount("/deploy", DeployJobServlet, @repos)
>     @server.mount("/", IndexServlet)
>     trap("INT"){ @server.shutdown }
>     @server.start
>    end
>
> end
> /
> ++++++++++++++++++++++++++++++++++++++++++++++++++++
> Calling the server start...
>
>   server = JobServer.new(jobRepository, 8192)
>   server.run
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++
> The log file shows the following -
>
> [2009-05-22 04:46:37] INFO  WEBrick 1.3.1
> [2009-05-22 04:46:37] INFO  ruby 1.8.7 (2009-04-08) [x86_64-linux]
> [2009-05-22 04:46:47] WARN  TCPServer Error: Address already in use -
> bind(2)
> [2009-05-22 04:46:47] INFO  WEBrick::HTTPServer#start: pid=30733
> port=8192
> --
> Posted viahttp://www.ruby-....

Did you check to make sure that your app *really* isn't binding to
port 8192? If it isn't, strace and netstat will be able to isolate
that problem.

More importantly, why does your app need to run as root? Running as
root and connecting to the internet is the most reliable way to ensure
you get compromised. If there are certain resources that *absolutely*
require root to obtain, then obtain them as early as possible
(definitely before starting the WEBrick server), then setuid down to a
saner user.

MK

5/23/2009 3:42:00 PM

0

pharrington wrote:
> On May 23, 10:28�am, Pra Bhandar <pbhandari2...@gmail.com> wrote:
> More importantly, why does your app need to run as root? Running as
> root and connecting to the internet is the most reliable way to ensure
> you get compromised. If there are certain resources that *absolutely*
> require root to obtain, then obtain them as early as possible
> (definitely before starting the WEBrick server), then setuid down to a
> saner user.

If you are just doing some development work on a non-server box you
would have to be insane to believe this is a security risk. I usually
program as root, it is much more convenient. I've never run WEBrick as
anything *but* root.

It's not clear from the OP whether it works as some other user altho
that seems to be implied.
--
Posted via http://www.ruby-....

pharrington

5/23/2009 4:07:00 PM

0

On May 23, 11:41 am, Mk 27 <halfcountp...@intergate.com> wrote:
> pharrington wrote:
> > On May 23, 10:28 am, Pra Bhandar <pbhandari2...@gmail.com> wrote:
> > More importantly, why does your app need to run as root? Running as
> > root and connecting to the internet is the most reliable way to ensure
> > you get compromised. If there are certain resources that *absolutely*
> > require root to obtain, then obtain them as early as possible
> > (definitely before starting the WEBrick server), then setuid down to a
> > saner user.
>
> If you are just doing some development work on a non-server box you
> would have to be insane to believe this is a security risk.  I usually
> program as root, it is much more convenient.  I've never run WEBrick as
> anything *but* root.
>
> It's not clear from the OP whether it works as some other user altho
> that seems to be implied.
> --
> Posted viahttp://www.ruby-....

If the WEBrick server is only listening on localhost than yes, that's
not going to impose any security risk (and since he's not specifying
the the IP... I probably did overreact). Still, the fact that he's
specifically trying to have this running as root when it works as
other users implies a reason. And is programming as root really that
much more convenient than having to type "sudo" every once-in-a-while
to restart apache or install gems?

Brian Candler

5/23/2009 4:43:00 PM

0

Pra Bhandar wrote:

> The log file shows the following -
>
> [2009-05-22 04:46:37] INFO WEBrick 1.3.1
> [2009-05-22 04:46:37] INFO ruby 1.8.7 (2009-04-08) [x86_64-linux]
> [2009-05-22 04t:46:47] WARN TCPServer Error: Address already in use -
> bind(2)
> [2009-05-22 04:46:47] INFO WEBrick::HTTPServer#start: pid=30733
> port=8192

This is a WEBrick bug (which I reported separately a long time ago). It
has successfully bound to port 8192, as the final line confirms. The
bind error log message is spurious.
--
Posted via http://www.ruby-....

Pra Bhandar

5/27/2009 4:45:00 PM

0

Thanks for everyone's response. The application was starting but not
finding the right directory after the login as a non-root user which I
mistakenly thought was due to port conflict. All I had to do was look at
the strace output more closely. Now with the right directory, it works
without any issues. I was barking up the wrong tree - and and am really
appreciative for folks who responded quickly.

As far as the root user vs non-root user discussion, the application
does need to be started as a non-root user since I don't want to have
support groups needing root password. This piece of puzzle was for
init.d configuration so that the root user kicked off the daemon after a
server bounce.

Thanks.

Prakash


Brian Candler wrote:
> Pra Bhandar wrote:
>
>> The log file shows the following -
>>
>> [2009-05-22 04:46:37] INFO WEBrick 1.3.1
>> [2009-05-22 04:46:37] INFO ruby 1.8.7 (2009-04-08) [x86_64-linux]
>> [2009-05-22 04t:46:47] WARN TCPServer Error: Address already in use -
>> bind(2)
>> [2009-05-22 04:46:47] INFO WEBrick::HTTPServer#start: pid=30733
>> port=8192
>
> This is a WEBrick bug (which I reported separately a long time ago). It
> has successfully bound to port 8192, as the final line confirms. The
> bind error log message is spurious.

--
Posted via http://www.ruby-....