The Racket feature of a 'security guard' is not what you want, I think. It prevents a block of Racket code from doing things like accessing the file system or the network. It is used, for example, by evaluation sandboxes to protect against un-trusted user code. I don't think you want to run your code that way.
One thing that you could do is start the program as root, then call setguid and setuid (after binding them [very simple] with the FFI). This is a pretty standard practice. You'd put it after the bind message is returned from the Web server. Jay On Wed, May 20, 2015 at 6:26 AM, WarGrey Gyoudmon Ju <juzhenli...@gmail.com> wrote: > Hello Jay, and Racketeers. > > What the original problem is: > I want my pure Racket Web Server listens on port 80, and this server allows > per-user dynamic content. > > > > As a security problem, no comprehensive solutions exists, it is a big topic > of system administration. In real world, the racket web servers work as > application server behind apache/nginx is a common sense in which case they > can listen on un-privileged port. > > This is fine, but in a multi-user system, un-privileged port can still be > replaced by other non-root users, and run as root does not as unsafe as it > sounds like. > > So l'd like to do it the hard way, although Racket as well as Java cannot > take advantages of the user-permission APIs. However, wrap the servlet > dispatcher with a security guarder does not work. I have no idea if I > misunderstand this feature. > > Thanks in advance. > > Links: Apache Security and Solutions > https://www.feistyduck.com/library/apache-security/online/apachesc-CHP-6.html -- Jay McCarthy http://jeapostrophe.github.io "Wherefore, be not weary in well-doing, for ye are laying the foundation of a great work. And out of small things proceedeth that which is great." - D&C 64:33 -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
