BSD-style securelevel comes to Linux — again

Posted Sep 19, 2013 22:48 UTC (Thu) by hummassa (subscriber, #307)
In reply to: BSD-style securelevel comes to Linux — again by mm7323
Parent article: BSD-style securelevel comes to Linux — again

Why not

chown nginx.nginx /dev/port/80
and then starting nginx as user nginx, group nginx? No privileges used, only at install-time...


BSD-style securelevel comes to Linux — again

Posted Sep 20, 2013 0:41 UTC (Fri) by dlang (✭ supporter ✭, #313)

Because you would have to create the whole infrastructure for /dev/port/80 first. And if you can get agreement from everyone on how that would work, you will have done something very impressive.

BSD-style securelevel comes to Linux — again

Posted Sep 20, 2013 11:55 UTC (Fri) by cortana (subscriber, #24596)

Perhaps I'm naïve in hoping that systemd's tmpfiles.d mechanism can be adopted more widely.

echo c /dev/port/80 0700 nginx nginx - maj:min > /etc/tmpfiles.d/nginx.conf

BSD-style securelevel comes to Linux — again

Posted Sep 20, 2013 2:18 UTC (Fri) by mathstuf (subscriber, #69389)

Well, the cases I can think of that this scheme misses as-is are: what interface for port 80? TCP or UDP? Which IP addresses? Then how to persist that information (udev I assume). That's a lot of bikesheds.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds