HAProxy error: Some configuration options require full privileges, so global.uid cannot be changed

Question

After adding the line to /etc/haproxy/haproxy.cfg as part of creating a transparent proxy,

    source 0.0.0.0 usesrc clientip

restarting haproxy starts giving an error

~# service haproxy reload
 * Reloading haproxy haproxy                                                     
       [ALERT]     230/153724 (1140) : [/usr/sbin/haproxy.main()] Some configuration options require full privileges, so global.uid cannot be changed.

I'm already running service haproxy reload as root. What else do we have to do? Thank you!

score 13 · Accepted Answer · answered Aug 19 '14 at 23:14

13

Comment out following lines in your haproxy.cfg:

    user        haproxy
    group       haproxy

and restart haproxy.

answered Aug 19 '14 at 23:14

Jakov Sosic

5,267
4
24
35

you are a savior. Thanks much. – Senthil A Kumar Jul 04 '21 at 16:43

score 1 · Answer 2 · edited Feb 14 '19 at 08:02

The better way to fix this issue with privileges is to execute the below commands:

Fix haproxy capabilities

setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/sbin/haproxy

Fix haproxy.pid file rights

touch /var/run/haproxy.pid; chown haproxy:haproxy /var/run/haproxy.pid

Comment out from haproxy.conf:
```
User haproxy
Group haproxy
```

Execute daemon as haproxy user:

sudo -u haproxy /sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -D -q

Check haproxy process

ps -ef | grep haproxy

the result should be:

haproxy  12800     1  0 фев12 ?     00:00:58 /sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -D -q

You can put these commands in rc.local in order to start automatically with the system

HAProxy error: Some configuration options require full privileges, so global.uid cannot be changed

2 Answers2