Can't start webrick as the root user

[Pra Bhandar]

Hi,

I am trying to start Webrick as root user and get TCP Bind error even
though the port appears to be not taken. Running the same script as a
non-root user that owns the ruby installs works just fine.

1) Running dvdelta_start.sh runs just fine as a non root user
2) Running the same script gives me TCP Bind error
su - dvdelta -c "/opt/apps/datavail/current-delta/dvdelta_start.sh
start" 2>&1 >>/tmp/dvdelta.log

I'd appreciate any pointers to help debug this issue.

Thanks.

Prakash
+++++++++++++++++++++++++++++++++++


The log file shows the following -

[2009-05-22 04:46:37] INFO WEBrick 1.3.1
[2009-05-22 04:46:37] INFO ruby 1.8.7 (2009-04-08) [x86_64-linux]
[2009-05-22 04t:46:47] WARN TCPServer Error: Address already in use -
bind(2)
[2009-05-22 04:46:47] INFO WEBrick::HTTPServer#start: pid=30733
port=8192



login as: root

++++++++++++++++++++++++++++++++++++++++++++++++++
class JobServer

def initialize(jobRepository, port)
@repos = jobRepository
@port = port
end

def run
@server = HTTPServer.new( ort => @port )
@server.mount("/styles.css", CssServlet)
@server.mount("/jobs", ListJobsServlet, @repos)
@server.mount("/deploy", DeployJobServlet, @repos)
@server.mount("/", IndexServlet)
trap("INT"){ @server.shutdown }
@server.start
end

end
/
++++++++++++++++++++++++++++++++++++++++++++++++++++
Calling the server start...

server = JobServer.new(jobRepository, 8192)
server.run

++++++++++++++++++++++++++++++++++++++++++++++++++++
The log file shows the following -

[2009-05-22 04:46:37] INFO WEBrick 1.3.1
[2009-05-22 04:46:37] INFO ruby 1.8.7 (2009-04-08) [x86_64-linux]
[2009-05-22 04:46:47] WARN TCPServer Error: Address already in use -
bind(2)
[2009-05-22 04:46:47] INFO WEBrick::HTTPServer#start: pid=30733
port=8192

 

[pharrington]

Hi,

I am trying to start Webrick as root user and get TCP Bind error even
though the port appears to be not taken.  Running the same script as a
non-root user that owns the ruby installs works just fine.

1) Running dvdelta_start.sh runs just fine as a non root user
2) Running the same script gives me TCP Bind error
 su - dvdelta -c "/opt/apps/datavail/current-delta/dvdelta_start.sh
start" 2>&1 >>/tmp/dvdelta.log

I'd appreciate any pointers to help debug this issue.

Thanks.

Prakash
+++++++++++++++++++++++++++++++++++

The log file shows the following -

[2009-05-22 04:46:37] INFO  WEBrick 1.3.1
[2009-05-22 04:46:37] INFO  ruby 1.8.7 (2009-04-08) [x86_64-linux]
[2009-05-22 04t:46:47] WARN  TCPServer Error: Address already in use -
bind(2)
[2009-05-22 04:46:47] INFO  WEBrick::HTTPServer#start: pid=30733
port=8192

login as: root

++++++++++++++++++++++++++++++++++++++++++++++++++
class JobServer

   def initialize(jobRepository, port)
     @repos = jobRepository
     @port = port
   end

   def run
    @server = HTTPServer.new( ort => @port )
    @server.mount("/styles.css", CssServlet)
    @server.mount("/jobs", ListJobsServlet, @repos)
    @server.mount("/deploy", DeployJobServlet, @repos)
    @server.mount("/", IndexServlet)
    trap("INT"){ @server.shutdown }
    @server.start
   end

end
/
++++++++++++++++++++++++++++++++++++++++++++++++++++
Calling the server start...

  server = JobServer.new(jobRepository, 8192)
  server.run

++++++++++++++++++++++++++++++++++++++++++++++++++++
The log file shows the following -

[2009-05-22 04:46:37] INFO  WEBrick 1.3.1
[2009-05-22 04:46:37] INFO  ruby 1.8.7 (2009-04-08) [x86_64-linux]
[2009-05-22 04:46:47] WARN  TCPServer Error: Address already in use -
bind(2)
[2009-05-22 04:46:47] INFO  WEBrick::HTTPServer#start: pid=30733
port=8192

Did you check to make sure that your app *really* isn't binding to
port 8192? If it isn't, strace and netstat will be able to isolate
that problem.

More importantly, why does your app need to run as root? Running as
root and connecting to the internet is the most reliable way to ensure
you get compromised. If there are certain resources that *absolutely*
require root to obtain, then obtain them as early as possible
(definitely before starting the WEBrick server), then setuid down to a
saner user.

 

[Mk 27]

More importantly, why does your app need to run as root? Running as
root and connecting to the internet is the most reliable way to ensure
you get compromised. If there are certain resources that *absolutely*
require root to obtain, then obtain them as early as possible
(definitely before starting the WEBrick server), then setuid down to a
saner user.

If you are just doing some development work on a non-server box you
would have to be insane to believe this is a security risk. I usually
program as root, it is much more convenient. I've never run WEBrick as
anything *but* root.

It's not clear from the OP whether it works as some other user altho
that seems to be implied.

 

[pharrington]

If you are just doing some development work on a non-server box you
would have to be insane to believe this is a security risk.  I usually
program as root, it is much more convenient.  I've never run WEBrick as
anything *but* root.

It's not clear from the OP whether it works as some other user altho
that seems to be implied.

If the WEBrick server is only listening on localhost than yes, that's
not going to impose any security risk (and since he's not specifying
the the IP... I probably did overreact). Still, the fact that he's
specifically trying to have this running as root when it works as
other users implies a reason. And is programming as root really that
much more convenient than having to type "sudo" every once-in-a-while
to restart apache or install gems?

 

[Brian Candler]

The log file shows the following -

[2009-05-22 04:46:37] INFO WEBrick 1.3.1
[2009-05-22 04:46:37] INFO ruby 1.8.7 (2009-04-08) [x86_64-linux]
[2009-05-22 04t:46:47] WARN TCPServer Error: Address already in use -
bind(2)
[2009-05-22 04:46:47] INFO WEBrick::HTTPServer#start: pid=30733
port=8192

This is a WEBrick bug (which I reported separately a long time ago). It
has successfully bound to port 8192, as the final line confirms. The
bind error log message is spurious.

 

[Pra Bhandar]

Thanks for everyone's response. The application was starting but not
finding the right directory after the login as a non-root user which I
mistakenly thought was due to port conflict. All I had to do was look at
the strace output more closely. Now with the right directory, it works
without any issues. I was barking up the wrong tree - and and am really
appreciative for folks who responded quickly.

As far as the root user vs non-root user discussion, the application
does need to be started as a non-root user since I don't want to have
support groups needing root password. This piece of puzzle was for
init.d configuration so that the root user kicked off the daemon after a
server bounce.

Thanks.

Prakash

The log file shows the following -

[2009-05-22 04:46:37] INFO WEBrick 1.3.1
[2009-05-22 04:46:37] INFO ruby 1.8.7 (2009-04-08) [x86_64-linux]
[2009-05-22 04t:46:47] WARN TCPServer Error: Address already in use -
bind(2)
[2009-05-22 04:46:47] INFO WEBrick::HTTPServer#start: pid=30733
port=8192

This is a WEBrick bug (which I reported separately a long time ago). It
has successfully bound to port 8192, as the final line confirms. The
bind error log message is spurious.