Projects
Wiki     Timeline     Roadmap     Browse Source     View Tickets     New Ticket     Search

Ticket #295 (closed Defect: Software changed)

Opened 5 years ago

Last modified 4 years ago

memcached error on CS when I input a new event

Reported by: filippos@… Owned by: wsanchez@…
Priority: 1: Blocker Milestone: CalendarServer-2.2
Component: Calendar Server Severity: Crash/data loss
Keywords: memcached Cc:
Port:

Description

error on CS when I input a new event

[memcached] can't run as root without the -u switch

Change History

comment:1 Changed 5 years ago by wsanchez@…

Hrm. Yes. Here's a work-around until we fix this... add -u calendar to the list of options passed to memcached. For example:

  <!-- Support for Memcached -->
  <key>Memcached</key>
  <dict>
    <key>Options</key>
    <array>
      <string>-u</string>
      <string>calendar</string>
    </array>
  </dict>

comment:2 Changed 5 years ago by filippos@…

this is not working, same error at start

2008-07-19 08:43:25+0300 [-] [caldav-8008]  [-] twisted.web2.channel.http.HTTPFactory starting on 8443
2008-07-19 08:43:25+0300 [twistedcaldav.accesslog.AMPLoggingFactory] AMPLoggingProtocol connection established (HOST:UNIXSocket('logs/caldavd.sock') PEER:UNIXSocket(''))
2008-07-19 08:43:25+0300 [-] [caldav-8008]  [-] AMP connection established (HOST:UNIXSocket(None) PEER:UNIXSocket('logs/caldavd.sock'))
2008-07-19 08:43:25+0300 [-] [memcached] can't run as root without the -u switch
2008-07-19 08:43:28+0300 [-] [memcached] can't run as root without the -u switch
2008-07-19 08:43:35+0300 [-] [memcached] can't run as root without the -u switch
2008-07-19 08:43:50+0300 [-] [memcached] can't run as root without the -u switch

comment:3 Changed 5 years ago by wsanchez@…

  • Priority changed from 2: Expected to 1: Blocker
  • Status changed from new to assigned
  • Milestone changed from Linux Port to 2.0

From the milestone, I assume this is on Linux? Shouldn't really matter though...

Making this a P1 for 2.0.

comment:4 Changed 5 years ago by aaron.grattafiori@…

Running CalendarServer as root is NOT a good idea. Especially because you don't need any of roots permissions (its trival to add a calendar user that runs caldavd).

comment:5 Changed 5 years ago by wsanchez@…

Aaron, CalendarServer drops privileges to the user configured in its config file after doing some operations that may require root access, such as binding to the listen port (which in many cases would be port 80, a privileged port) or setting up some log files which the running server doesn't need write access to.

It is not a bad idea to start the server as root, if properly configured, but it is true than in some deployments, it may not be necessary.

comment:6 Changed 4 years ago by wsanchez@…

  • Status changed from assigned to closed
  • Resolution set to Software changed

If you are not starting as root, leave out the UserName and GroupName config options and the server will not try to drop privs and will also not pass the -u flag to memcached.

Note: See TracTickets for help on using tickets.