can't bind to port: 80 Permission denied

Hi sysadmins!

I try to run a webserver on my machine, but when I start it, it tell
me that it cannot bind to port 80.

> can't bind to port: 80 Permission denied

The problem is that my user probably does not have privileges to use
port 80.
No other application uses that port.
I use debian.

How can a grant user X permissions to bind/use/listen to certain
ports ?

Thanks you !

Ciur Eugen wrote:
> Hi sysadmins!
>
> I try to run a webserver on my machine, but when I start it, it tell
> me that it cannot bind to port 80.

How do you try to run your webserver? The standard debian way of running
apache is through an init script which allows it to bind to port 80
because it is started by root.

Robert

>
>> can't bind to port: 80 Permission denied
>
> The problem is that my user probably does not have privileges to use
> port 80.
> No other application uses that port.
> I use debian.
>
> How can a grant user X permissions to bind/use/listen to certain
> ports ?
>
> Thanks you !
>
>

I am using lighty (http://www.lighttpd.net/). After compilation to
start it is as simple as:

> lighttpd -f config.conf


On Apr 1, 7:08*pm, Robert Harris <robert.f.har...@blueyonder.co.uk>
wrote:
> Ciur Eugen wrote:
> > Hi sysadmins!
>
> > I try to run a webserver on my machine, but when I start it, it tell
> > me that it cannot bind to port 80.
>
> How do you try to run your webserver? The standard debian way of running
> apache is through an init script which allows it to bind to port 80
> because it is started by root.
>
> Robert
>
>
>
> >> can't bind to port: *80 Permission denied
>
> > The problem is that my user probably does not have privileges to use
> > port 80.
> > No other application uses that port.
> > I use debian.
>
> > How can a grant user X permissions to bind/use/listen to certain
> > ports ?
>
> > Thanks you !

Ciur Eugen wrote:
> I am using lighty (http://www.lighttpd.net/). After compilation to
> start it is as simple as:
>
>> lighttpd -f config.conf
>
>
> On Apr 1, 7:08 pm, Robert Harris <robert.f.har...@blueyonder.co.uk>
> wrote:
>> Ciur Eugen wrote:
>>> Hi sysadmins!
>>> I try to run a webserver on my machine, but when I start it, it tell
>>> me that it cannot bind to port 80.
>> How do you try to run your webserver? The standard debian way of running
>> apache is through an init script which allows it to bind to port 80
>> because it is started by root.
>>
>> Robert
>>
>>
>>
>>>> can't bind to port: 80 Permission denied
>>> The problem is that my user probably does not have privileges to use
>>> port 80.
>>> No other application uses that port.
>>> I use debian.
>>> How can a grant user X permissions to bind/use/listen to certain
>>> ports ?
>>> Thanks you !



For an user-mode server you have to pick
a port above 1024: The ports from 1 to 1023
are privileged ports available to root code
only.

--

Tauno Voipio
tauno voipio (at) iki fi

>
> Ciur Eugen wrote:
>> I am using lighty (http://www.lighttpd.net/). After compilation to
>> start it is as simple as:
>>
>>> lighttpd -f config.conf
>>
Have you checked whether there is a Debian package for lighttpd? If you
install that, it should have the proper permission to run.

On Apr 1, 8:41*am, Ciur Eugen <ciur.eu...@gmail.com> wrote:

> The problem is that my user probably does not have privileges to use
> port 80.
> No other application uses that port.
> I use debian.
>
> How can a grant user X permissions to bind/use/listen to certain
> ports ?

You probably don't want to do this. But if you insist, here's how you
do it:

1) You run a daemon application, as root, that he connects to.

2) He sends the daemon the port he wants and the IP he wants it bound
to (if any).

3) The root application verifies that his request is allowed,
allocates a socket, and binds it.

4) If there is no error, the root application hands the bound socket
to his application.

Alternatively, it can be done this way:

1) You write a secure daemon application that is setuid-root. He
launches the daemon application.

2) The daemon allocates the port he wants to use.

3) The daemon drops all root privileges and assumes the user's
privileges.

4) The daemon exec's the user's application.

5) The user's application inherits the socket from the daemon.

Again, though, this is not recommend.

DS

For, David Schwartz:

> 1) You run a daemon application, as root, that he connects to.

what application should I run as daemon (as root), that will run
lighty ?


On Apr 2, 6:13*am, David Schwartz <dav...@webmaster.com> wrote:
> On Apr 1, 8:41*am, Ciur Eugen <ciur.eu...@gmail.com> wrote:
>
> > The problem is that my user probably does not have privileges to use
> > port 80.

> > No other application uses that port.
> > I use debian.
>
> > How can a grant user X permissions to bind/use/listen to certain
> > ports ?
>
> You probably don't want to do this. But if you insist, here's how you
> do it:
>
> 1) You run a daemon application, as root, that he connects to.
>
> 2) He sends the daemon the port he wants and the IP he wants it bound
> to (if any).
>
> 3) The root application verifies that his request is allowed,
> allocates a socket, and binds it.
>
> 4) If there is no error, the root application hands the bound socket
> to his application.
>
> Alternatively, it can be done this way:
>
> 1) You write a secure daemon application that is setuid-root. He
> launches the daemon application.
>
> 2) The daemon allocates the port he wants to use.
>
> 3) The daemon drops all root privileges and assumes the user's
> privileges.
>
> 4) The daemon exec's the user's application.
>
> 5) The user's application inherits the socket from the daemon.
>
> Again, though, this is not recommend.
>
> DS

On Apr 2, 9:15*am, Ciur Eugen <ciur.eu...@gmail.com> wrote:
> For, David Schwartz:
>
> > 1) You run a daemon application, as root, that he connects to.
>
> what application should I run as daemon (as root), that will run
> lighty ?
>
> On Apr 2, 6:13*am, David Schwartz <dav...@webmaster.com> wrote:
>
> > On Apr 1, 8:41*am, Ciur Eugen <ciur.eu...@gmail.com> wrote:
>
> > > The problem is that my user probably does not have privileges to use
> > > port 80.
> > > No other application uses that port.
> > > I use debian.
>
> > > How can a grant user X permissions to bind/use/listen to certain
> > > ports ?
>
> > You probably don't want to do this. But if you insist, here's how you
> > do it:
>
> > 1) You run a daemon application, as root, that he connects to.
>
> > 2) He sends the daemon the port he wants and the IP he wants it bound
> > to (if any).
>
> > 3) The root application verifies that his request is allowed,
> > allocates a socket, and binds it.
>
> > 4) If there is no error, the root application hands the bound socket
> > to his application.
>
> > Alternatively, it can be done this way:
>
> > 1) You write a secure daemon application that is setuid-root. He
> > launches the daemon application.
>
> > 2) The daemon allocates the port he wants to use.
>
> > 3) The daemon drops all root privileges and assumes the user's
> > privileges.
>
> > 4) The daemon exec's the user's application.
>
> > 5) The user's application inherits the socket from the daemon.
>
> > Again, though, this is not recommend.
>
> > DS


Oh, I just figured out, i need to use inetd - main network daemon,
that has root access to well known ports. I can configure this daemon
so that it will know applications interested to receive messanges from
port 80 (lighty in my case). Inetd will receive messages as root, and
will "send them" to lighty which will run as another user.

On Apr 2, 1:13*am, Ciur Eugen <ciur.eu...@gmail.com> wrote:

> Oh, I just figured out, i need to use inetd - main network daemon,
> that has root access to well known ports. I can configure this daemon
> so that it will know applications interested to receive messanges from
> port 80 (lighty in my case). Inetd will receive messages as root, and
> will "send them" to lighty which will run as another user.

That's certainly one way to do it. In your case, that may be the best
way.

DS

Bill Marcum wrote:

> Have you checked whether there is a Debian package for
> lighttpd?

Yes, there is. It's called lighttpd, just installed it yesterday
to implement a local Debian/Ubuntu mirror for my university's
physics faculty network.

Wolfgang