>> It is very important to be aware that programs written in Go are unable to >> reliably change their UID once started, due to how goroutines are implemented >> on unix systems. As an unavoidable consequence of this, CGI processes started >> by Molly Brown are run as the same user as the server process.
> It certainly is possible to run a subprocess as a different user. It might not > be terribly convenient and you definitely have to deviate from the traditional > fork/change process state/exec" model. But it's also not beyond feasible. The statement is quite far off practically but pretty close for arguments sake, if you understand the details. Probably written to avoid criticism to some degree. It's worth pointing out that whilst running go processes as different users is certainly a security benefit if designed right and not over used. It is less important than for daemons written in c. s/'once started'/'post go command/' I had read that OpenBSD was unaffected but I'm not sure whether that is true or whether I am confusing two bugs. If that is true then. s/'unix'/'linux'/ I Run server processes as many users all started from a master process on OpenBSD. I just setup the processes before using the go command, to be certain. Currently they all run as the same process group still. I like that as the master dying takes down all the processes. So, what I am doing curently is certainly different to forking children on demand but then I believe that would be less efficient than using go routines anyway. I use sh scripts to bootstrap separate process groups where needed for simplicity and you could always use a sh script to fork processes, if you really wanted and didn't mind bringing in a shell. Or write a forking tool. That would be pointless in my experience of using go though. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/95b9f584-77a8-6fcf-d29d-4cc283eb36a1%40gmail.com.
