@isaacs
Created April 30, 2012 23:00

var cluster = require('cluster')
if (cluster.isMaster) {
  // spawn worker bees
  cluster.fork()
  cluster.fork()
  cluster.fork()
  cluster.fork()
} else {
  // worker bees only need root to listen, and then downgrade
  var http = require('http')
  http.createServer(function (req, res) {
    res.writeHead(200)
    res.end('ok')
  }).listen(80, function () {
    if (process.getuid() === 0) process.setuid(-2)
  })
}

@coltrane


It would be nice to be able to do the downgrade once - in the master - rather than each time a child launches.
This is also probably a bit more secure, since children never have elevated privs at all.

var cluster = require('cluster')

if (cluster.isMaster) {

  cluster.initListener(80);   // this is the function my patch adds

  // now, downgrade
  process.setgid('peon');
  process.setuid('peon');

  // now, spawn worker bees - without ever giving them privs to begin with
  cluster.fork()
  cluster.fork()
  cluster.fork()
  cluster.fork()
} else {
  // worker bees only need root to listen, and then downgrade
  var http = require('http')
  http.createServer(function (req, res) {
    res.writeHead(200)
    res.end('ok')
  }).listen(80, function () {
    // no need to downgrade here, because workers always run after downgrade
  })
}
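
An added example, not part of the gist or the comment above: a privilege-drop helper for the `listen` callback that goes further than the gist's single `setuid` call, which leaves the group id and supplementary groups unchanged. It clears supplementary groups, sets the group before the user, then confirms root cannot be regained. The `dropPrivileges` name and the injectable `proc` parameter are assumptions made here; `'peon'` is the account name used in the comment.

```javascript
'use strict'

// Hypothetical helper (not from the gist). `proc` defaults to the real
// process object; it is a parameter only so the call order can be checked
// without running as root.
function dropPrivileges (user, group, proc = process) {
  if (typeof proc.getuid !== 'function') {
    throw new Error('POSIX credentials are not available on this platform')
  }
  if (proc.getuid() !== 0) return false // not root: nothing to drop

  // 1. Supplementary groups first: setuid() alone leaves root's groups intact.
  proc.setgroups([group])
  // 2. Primary group next: once the uid is dropped we may no longer change it.
  proc.setgid(group)
  // 3. User last.
  proc.setuid(user)

  // 4. Verify the drop is irreversible: regaining uid 0 must fail.
  let regained = false
  try {
    proc.setuid(0)
    regained = true
  } catch (err) {
    // expected: the kernel refuses (EPERM)
  }
  if (regained || proc.getuid() === 0 || proc.getgid() === 0) {
    throw new Error('privilege drop failed: process can still act as root')
  }
  return true
}

// Usage in the gist's worker:
//   .listen(80, function () { dropPrivileges('peon', 'peon') })
```

Because the helper throws when the check fails, a worker that could not shed root exits instead of serving requests with elevated privileges.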
