Server software recommendations

[Steve Ryan]

On 20/05/14 03:08PM, solderpunk wrote:
> I'm frankly baffled that a language with Ken Thompson and Rob Pike as
> designers, created specifically to help Google engineers write server
> software, could turn out to be so terrible for...writing servers on
> unix.  I can only imagine this has happened because nobody at Google
> would ever do something so terribly mundane and non-scalable as fork
> off an entire whole new process on the same machine to generate some
> content.  Probably there'd be ten layers of containers and proxying and
> reverse-proxying and other Cloudian faff keeping the content-generating
> processes separated from the server processes so that uids were a quaint
> and irrelevant consideration.
> 
> (if any Go wizards have recently joined the list and can correct me on
> any of the above I'd be thrilled)
> 

As an FYI, there's is a proposed patch[0] to add proper setuid dropping
for Golang. It's not through yet but is in review and testing stage.
Hopefully it'll make it in for 1.15.

Otherwise you're correct; all-thread setuid is done either through raw
syscalls and process forking wizardry, syscalls, wrapper programs, etc.

For my (also Golang) server SecretShop I've been handling it through the
systemd unit file. A bit messy, but I'm also not explictly supporting
multi-user deployments.

-Steve


[0] https://go-review.googlesource.com/c/go/+/210639