On Thu, Jun 09, 2011 at 12:07:27AM +0200, Graeme Donaldson wrote: > On 9 June 2011 00:05, Jacob Fenwick <jacob.fenw...@gmail.com> wrote: > > > It seems like I must be root to start haproxy. > > > > I know that I can add a user line in global so that the process will change > > to say it is running as a non-root user once it is running, but it seems > > like I still need to be root to actually start it, or restart it. > > > > Is there any way around this? > > > > > I don't think there is, and if there was, you would be unable to listen on > any ports <1024, as only root can do that.
Well, many people start it as non-root on ports >= 1024. That's very common among developers who all like to have their own instance. For this you just have to remove the "user" and "group" lines and ensure that all your ports are >= 1024 and that your maxconn is low enough to accomodate the default 1024 file descriptors limit which is imposed to non-root users. Ah, and if you're not root, you can't chroot either. Those constraints are the precise reason why it's highly recommended to start it as root. But if you can't, there's no problem as long as you can live with the constraints. As an example, all my test config files use unprivileged ports so that I can start it without being root during development sessions. Cheers, Willy
