As of version 1.7.0, yule will always drop root privileges after startup and initialization. You can still use a privileged port (port number below 1024), because the listening socket is set up while yule still has root privileges.
There are some special considerations that need to be taken into account when setting up an installation of yule. In particular:
- The unprivileged user
By default, configure will check (in this order) for the existence of a user yule, daemon, or nobody, and use the first match.
You can override this with the option configure --enable-identity=user. The user does not need to exist already; the install script knows how to create a new user (on Linux, FreeBSD, NetBSD, Solaris, HP-UX, OSF1).
After successful installation, you will be asked to run make install-user in order to: (i) create the user that you specified to configure if it does not exist already (make install-user will check for this), and (ii) chown/chmod some directories.
After running make install and make install-user, you should have a sane setup.
- Logfile directory
Writing to the system logfile directory usually requires root privileges (otherwise log files may easily get corrupted ...). To enable yule to write the log file and the HTML status file, a (sub-)directory should be used that is owned by yule. The configure script and the Makefile will do that automatically with the default layout (i.e. a directory /var/log/yule will be created).
- Data files
The data file directory is now owned by root and world readable by default. If you chown it to a suitable group for the unprivileged yule user, you can make it group readable only. Note that the server does not need write access to the data file directory, and making it writeable for the server weakens security.
- GnuPG signed configuration file
The unprivileged yule user must have a .gnupg subdirectory in its home directory, holding the public keyring with the key to verify the signature.
- PID file
The PID file is written before dropping root privileges. Therefore yule will not be able to overwrite it later (which is a GoodThing), or remove it upon exit (it will usually be able to recognize and handle a stale PID file on startup). Still, it may be a good idea to remove it after stopping yule. The provided start/stop scripts for various architectures will handle this.
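The following script is an added example, not part of the yule distribution. It checks an installation against the points in the list above: log directory owned by the unprivileged user, data directory not writable by that user, a .gnupg directory in the user's home (relevant only when the configuration file is GnuPG signed), and a PID file the user cannot overwrite. The function names and every path except /var/log/yule are assumptions.

```sh
#!/bin/sh
# Added example: audit the layout described above. Function names and all
# arguments are hypothetical; pass the paths your configure run chose.

# True if PATH is owned by USER (name or numeric uid).
owned_by() {
    [ -n "$(find "$1" -maxdepth 0 -user "$2" 2>/dev/null)" ]
}

# True if the mode bits let USER write to PATH. Follows the usual
# owner -> group -> other order; ACLs and root's override are ignored.
writable_by() {
    w_path=$1 w_user=$2
    if owned_by "$w_path" "$w_user"; then
        [ -n "$(find "$w_path" -maxdepth 0 -perm -200)" ]
        return
    fi
    for w_grp in $(id -Gn "$w_user" 2>/dev/null); do
        if [ -n "$(find "$w_path" -maxdepth 0 -group "$w_grp" 2>/dev/null)" ]; then
            [ -n "$(find "$w_path" -maxdepth 0 -perm -020)" ]
            return
        fi
    done
    [ -n "$(find "$w_path" -maxdepth 0 -perm -002)" ]
}

# Prints one line per finding; exit status is the number of findings.
audit_yule() {
    a_user=$1 a_log=$2 a_data=$3 a_home=$4 a_pid=$5 a_n=0
    if ! owned_by "$a_log" "$a_user"; then
        echo "log directory $a_log is not owned by $a_user"; a_n=$((a_n + 1))
    fi
    if writable_by "$a_data" "$a_user"; then
        echo "data directory $a_data is writable by $a_user"; a_n=$((a_n + 1))
    fi
    if [ ! -d "$a_home/.gnupg" ]; then
        echo "no .gnupg directory in $a_home"; a_n=$((a_n + 1))
    fi
    if [ -e "$a_pid" ] && writable_by "$a_pid" "$a_user"; then
        echo "PID file $a_pid is writable by $a_user"; a_n=$((a_n + 1))
    fi
    return "$a_n"
}

# Example call (paths other than /var/log/yule are placeholders):
# audit_yule yule /var/log/yule /path/to/data /path/to/yule-home /path/to/yule.pid
```

Run it as root after make install and make install-user; an exit status of 0 means none of the four checks produced a finding.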