At 12:50 AM 2/13/2004, Ben Greear wrote: >Jeff Trawick wrote: >>Ben Greear wrote: >> >>>I have need of a web-server which can bind to a particular >>>device, both by binding to the local IP address and >>>also using the setsockopt(... SO_BINDTODEVICE) call. >> >>>Would there be any chance that such a patch would >>>be accepted into the main tree? >> >>sure there's a chance ;) if a patch isn't hard to create and you need such a server >>anyway, post the patch and let us see what this involves; please note that new >>features like this should be in 2.1-dev... you didn't mention which level of Apache >>you were interested in enhancing > >I'm working on 2.0.48, the latest stable. I assume the patch will >port forward to the development version fairly easily. > >One question I have: I need root priv to SO_BINDTODEVICE. But, >it appears to be highly un-cool to run apache as root. So, is >there any easy way to get root priv just while running the bind? > >I will need to bind during the initial listening phase, and also >after an accept is done.
The only sane answer is to pass the ports back from a parent-process thread that spools em up. but that won't work after the connection is accepted unless you pass them back through a Unix domain socket to be 'blessed' by bindtodevice. Are you certain you need to do this after accept? I would think the incoming request is already bound to a specific adapter. If you only need root creating the listeners on specific adapters, you already have root (heh - even http on port 80 needs root to create the listeners :-) Bill