On 10. nov. 2010, at 16.21, Abhilash wrote: > Hi Dustin, thanks for the quick response. Please see my comments > below. > >> You've really gone out of your way to run it as root. Why is it so >> important to you to do that? I think it's a rather awful idea. > > Can you please suggest the best way to run memcached, if running it as > root a bad idea. > Correcting my command (sudo memcached -d -m 10240 -u root -I 5120 -u > root -l [host] -p 11311) would help me better understand. >
You want to run your processes with as little privileges as possible. Root is the "almighty" user with full access to everything on your system, so you don't want your processes to run as that user unless you have to. If someone finds a bug in memcached, they may compromise more of your system if the process got root privileges. Memcached tries to warn you about running memcached as root by require you to use the -u option if it detect that it is running as root. What you want to do is to run memcached as an unprivileged user. You might want to create a unique user for memcached, or you can use one of the users your operating system probably had (like noaccess/nobody etc) sudo memcached -d -m 10240 -u noaccess -I 5120 -l [host] -p 11311 Cheers, Trond
