Why not using root to run an app?


#1

Hello,
there is an advice that it could not be in my opinion to run an app as superuser. But only su can run apps on ports smaller than 1024.

Why not using the command “–allow-superuser”?


#2

Hi,

Making usage of su to run Meteor isn’t necessary and shouldn’t be used, because a lot of things are treated as the current logged in user when running.
You just have to check your home to see a lot of things are kept under the hood by meteor in the ~/.meteor directory. Using su is messing with owner and permissions and would lock file for normal usage, which is not expected. Moreover, this could provide an entry point for security issues, which is not expected either.

The first 1024 ports of the server are generally used by common application and protocol, and shouldn’t be used for other purposes, and therefore are locked for common users. You should never bypass this limitation by being logged as the root user just to run an application without taking care of the security issues that may occur doing so.

In development mode, we generally use 8080 to simulate the port 80 on HTTP request.
If you need your app to be accessible through the port 80, you can redirect every connection through this port to another one in which you have your app running (> 1024). This is commonly done to run a nodejs server on the default port (3000) and access it through the port 80.

For those reasons, there is no need to add --allow-superuser to the command as it is not necessary and may cause more harm than good. You can run your application on any safe port using meteor run -p XXXX.

Why do you need to run your app as a super user on another port (i.e, why specifically on port number lower than 1024)? :slightly_smiling_face:


#3

Thank you very much for your exactly explanation. It seems it is not neccessary to run an app as su on port 80 :slight_smile: