[Pkg-erlang-commits] r1435 - yaws/trunk/debian
sgolovan at alioth.debian.org
sgolovan at alioth.debian.org
Sun May 13 14:53:14 UTC 2012
Author: sgolovan
Date: 2012-05-13 14:53:13 +0000 (Sun, 13 May 2012)
New Revision: 1435
Modified:
yaws/trunk/debian/changelog
yaws/trunk/debian/yaws.README.Debian
yaws/trunk/debian/yaws.default
Log:
[yaws]
* Added a short notice on how to bind to a privileged port in yaws.default
file comments and README.Debian.
Modified: yaws/trunk/debian/changelog
===================================================================
--- yaws/trunk/debian/changelog 2012-05-13 09:20:23 UTC (rev 1434)
+++ yaws/trunk/debian/changelog 2012-05-13 14:53:13 UTC (rev 1435)
@@ -3,13 +3,13 @@
* Switched to long options in init.d script because the short ones aren't
documented anymore.
* Added a short notice on how to bind to a privileged port in yaws.default
- file comments.
+ file comments and README.Debian.
* Change Yaws config files permissions only if the local admin didn't
override them using dpkg-statoverride.
* Switched to the snakeoil SSL certificate from generating a new one in
postinstallation script.
- -- Sergei Golovan <sgolovan at debian.org> Sun, 13 May 2012 11:16:37 +0400
+ -- Sergei Golovan <sgolovan at debian.org> Sun, 13 May 2012 16:40:55 +0400
yaws (1.92-2) unstable; urgency=low
Modified: yaws/trunk/debian/yaws.README.Debian
===================================================================
--- yaws/trunk/debian/yaws.README.Debian 2012-05-13 09:20:23 UTC (rev 1434)
+++ yaws/trunk/debian/yaws.README.Debian 2012-05-13 14:53:13 UTC (rev 1435)
@@ -11,7 +11,21 @@
dpkg-statoverride --add root yaws 04750 /usr/lib/yaws/priv/epam
-In the latter case only yaws (in fact, all users in group yaws) will be
-able to execute the binary.
+In the latter case only yaws user (in fact, all users in group yaws) will
+be able to execute the binary.
- -- Sergei Golovan <sgolovan at debian.org> Fri, 15 Jan 2010 14:30:39 +0300
+----------
+
+If you want Yaws to listen privileged ports (80 for HTTP or 443 for HTTPS)
+you may set the YAWS_USER variable in /etc/default/yaws config file to
+root. But if you don't want Yaws to run as root, you may grant it the
+capability for binding to privileged ports using the following command:
+
+setcap 'cap_net_bind_service=+ep' /usr/lib/erlang/erts-*/bin/beam \
+ 'cap_net_bind_service=+ep' /usr/lib/erlang/erts-*/bin/beam.smp
+
+Unfortunately, these capabilities will be lost after the next upgrade of
+Erlang packages, so you'll have to rerun the command after any Erlang
+upgrade.
+
+ -- Sergei Golovan <sgolovan at debian.org> Sun, 13 May 2012 16:40:33 +0400
Modified: yaws/trunk/debian/yaws.default
===================================================================
--- yaws/trunk/debian/yaws.default 2012-05-13 09:20:23 UTC (rev 1434)
+++ yaws/trunk/debian/yaws.default 2012-05-13 14:53:13 UTC (rev 1435)
@@ -1,4 +1,4 @@
-# Defaults for yaws initscript
+# Defaults for Yaws initscript
# sourced by /etc/init.d/yaws
# installed at /etc/default/yaws by the maintainer scripts
@@ -6,18 +6,22 @@
# This is a POSIX shell fragment
#
-# Default user which runs yaws web server.
-# If you want yaws to listen privileged port 80, set it to root
+# Default user which runs Yaws web server.
+# If you want Yaws to listen privileged port 80, set it to root
# or grant the capability for binding to privileged ports via
+#
# setcap 'cap_net_bind_service=+ep' /usr/lib/erlang/erts-*/bin/beam
-# (and/or beam.smp)
+#
+# (and/or beam.smp) and don't forget to regrant this capability
+# when Erlang will be upgraded.
YAWS_USER=yaws
-# Default yaws daemon id (when it starts from init script).
+# Default Yaws daemon id (when it starts from init script).
# Put only alphanumeric symbols to the YAWS_ID variable.
YAWS_ID=debian_yaws
-# Additional options that are passed to the Daemon.
+# Additional options that are passed to the daemon (see yaws(1)
+# for a full list).
# --heart restarts the daemon if it crashes
DAEMON_OPTS="--heart"
More information about the Pkg-erlang-commits
mailing list