Forum: Ruby Can't start webrick as the root user

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Pra B. (Guest)
on 2009-05-23 18:28
Hi,

I am trying to start Webrick as root user and get TCP Bind error even
though the port appears to be not taken.  Running the same script as a
non-root user that owns the ruby installs works just fine.

1) Running dvdelta_start.sh runs just fine as a non root user
2) Running the same script gives me TCP Bind error
 su - dvdelta -c "/opt/apps/datavail/current-delta/dvdelta_start.sh
start" 2>&1 >>/tmp/dvdelta.log

I'd appreciate any pointers to help debug this issue.

Thanks.

Prakash
+++++++++++++++++++++++++++++++++++


The log file shows the following -

[2009-05-22 04:46:37] INFO  WEBrick 1.3.1
[2009-05-22 04:46:37] INFO  ruby 1.8.7 (2009-04-08) [x86_64-linux]
[2009-05-22 04t:46:47] WARN  TCPServer Error: Address already in use -
bind(2)
[2009-05-22 04:46:47] INFO  WEBrick::HTTPServer#start: pid=30733
port=8192



login as: root

++++++++++++++++++++++++++++++++++++++++++++++++++
class JobServer

   def initialize(jobRepository, port)
     @repos = jobRepository
     @port = port
   end

   def run
    @server = HTTPServer.new( :Port => @port )
    @server.mount("/styles.css", CssServlet)
    @server.mount("/jobs", ListJobsServlet, @repos)
    @server.mount("/deploy", DeployJobServlet, @repos)
    @server.mount("/", IndexServlet)
    trap("INT"){ @server.shutdown }
    @server.start
   end

end
/
++++++++++++++++++++++++++++++++++++++++++++++++++++
Calling the server start...

  server = JobServer.new(jobRepository, 8192)
  server.run

++++++++++++++++++++++++++++++++++++++++++++++++++++
The log file shows the following -

[2009-05-22 04:46:37] INFO  WEBrick 1.3.1
[2009-05-22 04:46:37] INFO  ruby 1.8.7 (2009-04-08) [x86_64-linux]
[2009-05-22 04:46:47] WARN  TCPServer Error: Address already in use -
bind(2)
[2009-05-22 04:46:47] INFO  WEBrick::HTTPServer#start: pid=30733
port=8192
pharrington (Guest)
on 2009-05-23 19:31
(Received via mailing list)
On May 23, 10:28 am, Pra B. <removed_email_address@domain.invalid> wrote:
>
> [2009-05-22 04:46:37] INFO  ruby 1.8.7 (2009-04-08) [x86_64-linux]
>    def initialize(jobRepository, port)
>     trap("INT"){ @server.shutdown }
>
> Posted viahttp://www.ruby-forum.com/.
Did you check to make sure that your app *really* isn't binding to
port 8192? If it isn't, strace and netstat will be able to isolate
that problem.

More importantly, why does your app need to run as root? Running as
root and connecting to the internet is the most reliable way to ensure
you get compromised. If there are certain resources that *absolutely*
require root to obtain, then obtain them as early as possible
(definitely before starting the WEBrick server), then setuid down to a
saner user.
Mk 2. (Guest)
on 2009-05-23 19:41
pharrington wrote:
> On May 23, 10:28�am, Pra B. <removed_email_address@domain.invalid> wrote:
> More importantly, why does your app need to run as root? Running as
> root and connecting to the internet is the most reliable way to ensure
> you get compromised. If there are certain resources that *absolutely*
> require root to obtain, then obtain them as early as possible
> (definitely before starting the WEBrick server), then setuid down to a
> saner user.

If you are just doing some development work on a non-server box you
would have to be insane to believe this is a security risk.  I usually
program as root, it is much more convenient.  I've never run WEBrick as
anything *but* root.

It's not clear from the OP whether it works as some other user altho
that seems to be implied.
pharrington (Guest)
on 2009-05-23 20:11
(Received via mailing list)
On May 23, 11:41 am, Mk 27 <removed_email_address@domain.invalid> wrote:
> would have to be insane to believe this is a security risk.  I usually
> program as root, it is much more convenient.  I've never run WEBrick as
> anything *but* root.
>
> It's not clear from the OP whether it works as some other user altho
> that seems to be implied.
> --
> Posted viahttp://www.ruby-forum.com/.

If the WEBrick server is only listening on localhost than yes, that's
not going to impose any security risk (and since he's not specifying
the the IP... I probably did overreact). Still, the fact that he's
specifically trying to have this running as root when it works as
other users implies a reason. And is programming as root really that
much more convenient than having to type "sudo" every once-in-a-while
to restart apache or install gems?
Brian C. (Guest)
on 2009-05-23 20:42
Pra B. wrote:

> The log file shows the following -
>
> [2009-05-22 04:46:37] INFO  WEBrick 1.3.1
> [2009-05-22 04:46:37] INFO  ruby 1.8.7 (2009-04-08) [x86_64-linux]
> [2009-05-22 04t:46:47] WARN  TCPServer Error: Address already in use -
> bind(2)
> [2009-05-22 04:46:47] INFO  WEBrick::HTTPServer#start: pid=30733
> port=8192

This is a WEBrick bug (which I reported separately a long time ago). It
has successfully bound to port 8192, as the final line confirms. The
bind error log message is spurious.
Pra B. (Guest)
on 2009-05-27 20:44
Thanks for everyone's response.  The application was starting but not
finding the right directory after the login as a non-root user which I
mistakenly thought was due to port conflict. All I had to do was look at
the strace output more closely. Now with the right directory, it works
without any issues. I was barking up the wrong tree - and and am really
appreciative for folks who responded quickly.

As far as the root user vs non-root user discussion, the application
does need to be started as a non-root user since I don't want to have
support groups needing root password.  This piece of puzzle was for
init.d configuration so that the root user kicked off the daemon after a
server bounce.

Thanks.

Prakash


Brian C. wrote:
> Pra B. wrote:
>
>> The log file shows the following -
>>
>> [2009-05-22 04:46:37] INFO  WEBrick 1.3.1
>> [2009-05-22 04:46:37] INFO  ruby 1.8.7 (2009-04-08) [x86_64-linux]
>> [2009-05-22 04t:46:47] WARN  TCPServer Error: Address already in use -
>> bind(2)
>> [2009-05-22 04:46:47] INFO  WEBrick::HTTPServer#start: pid=30733
>> port=8192
>
> This is a WEBrick bug (which I reported separately a long time ago). It
> has successfully bound to port 8192, as the final line confirms. The
> bind error log message is spurious.
This topic is locked and can not be replied to.