Running MistServer as non-root

67 views
Skip to first unread message

lee.c...@jubilee.co

unread,
May 28, 2016, 3:28:37 PM5/28/16
to Mistserver.org
Hi,

I'm trying to run MistServer as a non-root user for obvious security reasons.  It's using a high port so it shouldn't need root privileges to run.

I've tried the -u option and also tried just launching from the shell as a regular user.  In both instances the process immediately segfaults.

I'm using CentOS 6

Surprisingly I can find very little about this in the user manual - I would think that privilege de-esculation would be a key part of a public facing server daemon.  Can anyone help me?

Thanks.

Jaron Viëtor

unread,
May 28, 2016, 3:56:27 PM5/28/16
to mists...@googlegroups.com
Hello Lee,

Indeed MistServer can run as a user.
In the past we had (and currently we have) the -u / --user command-line flag for this (which also allowed dropping privileges per-protocol), but starting with the upcoming 2.6 release, this flag will have been removed (as will the -d flag to daemonize the process).
The new method is (and this also works on older versions), as you already guessed, running Mist directly as an unprivileged user to begin with.

The segfault you're experiencing is surprising... Are you running a build from git, or a binary from the website? If running a version from git, try the development branch, which has the latest and greatest changes and fixes.
Either way, you might want to try -g 10 (or --debug 10) to produce more verbose output, which might give a hint as to what the problem is.
Alternatively, wait a week or so for 2.6 (it's in final testing stages) - which contains a very large amount of improvements and fixes, and may very well fix whatever bug you're experiencing.

Regards,
Jaron Viëtor
CTO, DDVTech

lee.c...@jubilee.co

unread,
May 29, 2016, 9:40:00 AM5/29/16
to Mistserver.org
Hi Jaron,

Thanks for the fast reply, much appreciated.  I'm running the binary from the website.  Here's the debug info:

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistOutFLV started, PID 3030

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistOutHDS started, PID 3031

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistOutTS started, PID 3032

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistInBuffer started, PID 3033

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistOutHSS started, PID 3035

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistOutHTTP started, PID 3036

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistOutMP4 started, PID 3037

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistOutSRT started, PID 3038

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistInFLV started, PID 3039

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistOutHTTPTS started, PID 3041

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistInDTSC started, PID 3042

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistOutRTMP started, PID 3044

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistOutMP3 started, PID 3045

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistInOGG started, PID 3046

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistOutJSON started, PID 3048

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistInMP3 started, PID 3049

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistOutOGG started, PID 3051

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistOutHLS started, PID 3052

No streams configured, remember to set up streams through the web interface on port 4242 or API.

[2016-05-29 14:38:48] CONF: Controller started

[2016-05-29 14:38:48] HIGH: MistController|3028||Starting stats thread

[2016-05-29 14:38:48] INFO: MistController|3028||IPv6 socket success @ 0.0.0.0:4242

[2016-05-29 14:38:48] INFO: MistController|3028||Activating threaded server: MistController

[2016-05-29 14:38:48] INSANE: MistController|3028||Opening page MstSTATA in master mode with auto-backoff

[2016-05-29 14:38:48] CONF: Starting connector: {"connector":"HTTP"}

[2016-05-29 14:38:48] HIGH: MistController|3028||Overwriting old page for MstSTATA

[2016-05-29 14:38:48] CONF: Starting connector: {"connector":"RTMP"}

[2016-05-29 14:38:48] HIGH: MistController|3028||Piped process /usr/bin/MistOutHTTP started, PID 3055

[2016-05-29 14:38:48] INSANE: MistController|3028||Opening page MstSTATA in master mode with auto-backoff

[2016-05-29 14:38:48] HIGH: MistController|3028||Overwriting old page for MstSTATA

Segmentation fault

Jaron Viëtor

unread,
May 29, 2016, 9:57:41 AM5/29/16
to mists...@googlegroups.com
On Sun, May 29, 2016 at 3:39 PM, <lee.c...@jubilee.co> wrote:
Hi Jaron,

Thanks for the fast reply, much appreciated.  I'm running the binary from the website.  Here's the debug info:


Hmm.... Very odd to say the least!
Is it possible the machine you're running this on has limited POSIX-style shared memory available?
Usually this is mounted as /dev/shm or /run/shm, and the amount available should be visible through the "df" command.
Mist needs at least a few megabytes free to be able to boot at all, and roughly 100MiB or so available to do anything useful.

Also, if you have (or could acquire) a coredump for the segmentation fault, that file would be much appreciated.

- Jaron



Reply all
Reply to author
Forward
0 new messages