is it safe to run net/haproxy as root?

Marko Cupać marko.cupac at
Thu Apr 9 14:27:19 UTC 2015

On Thu, 09 Apr 2015 09:05:19 -0500
Mark Felder <feld at> wrote:

> On Thu, Apr 9, 2015, at 08:26, Mark Martinec wrote:
> > 
> > Perhaps the haproxy port maintainer can be persuaded to assign
> > some account entry for this purpose.
> > 
> This wouldn't be a perfect solution. If you're going to be proxying
> port 80 and 443 you need to initially run as root, but perhaps by
> default in the config file we could drop privs to the haproxy user?

I am now testing proxying http(s) 80 and 443 to apache servers, but
also tcp 3306 to mysql servers. I use separate profiles (which spawn
separate instances if I understand well).

Maybe it would be good to drop http(s) to www user/group, and tcp 3306
to mysql user/group? www user/group comes with default FreeBSD
installation, and I would need to create mysql user/group manually with
same parameters as mysql port creates them (no problem).

Does this sound reasonable?
Marko Cupać

More information about the freebsd-ports mailing list