HPE Community
Operating System - HP-UX
1753496 Members
4250 Online
108794 Solutions
New Discussion юеВ

[CRIT] (13)PERMISSION DENIED: MAKE_SOCK: COULD NOT BIND TO PORT 443

 
Francisco Morales
New Member

тАО09-27-2006 09:02 AM

тАО09-27-2006 09:02 AM

[CRIT] (13)PERMISSION DENIED: MAKE_SOCK: COULD NOT BIND TO PORT 443

I'm using Oracle Application Server 9.0.4.1 on a HPUX 11 machine. I've been testing for long time connecting to our test databases using SSL and non-SSL ports. However, all HTTP ports I've been using to connect to the databases are over 9000. I'm about to use this server to production and I'm doing tests to connect to the database using port 443. However, when I use port 443 or any port under 1024, the HTTP server aborts and I receive the above message in the error_log file.
Oracle recommends changing the owner of the file .apachectl to root and the permissions to 6750. I did that change but I'm still getting the same message.
Oracle has not been able of helping me so far.
Then I was wondering if any one of the members have heard of this problem and could give me some hints on how to solve it.
Thank you!
0 Kudos
Reply
6 REPLIES 6
Steven E. Protter
Exalted Contributor

тАО09-27-2006 09:07 AM

тАО09-27-2006 09:07 AM

Re: [CRIT] (13)PERMISSION DENIED: MAKE_SOCK: COULD NOT BIND TO PORT 443

Shalom,

Special permissions are required for Oracle to use a port under 1024. In actuality it is better to use an non-privileged port for Oracle Application's httpd server. Only root can start services that use ports below 1024 and to force oracle into this position would create a security hazard.

Oracle app server needs to own the binaries which conflicts with the root below 1024 rule.

For httpd servies on port 443 the HP Apache releases from http://software.hp.com are more appropriate.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО09-27-2006 09:07 AM

тАО09-27-2006 09:07 AM

Re: [CRIT] (13)PERMISSION DENIED: MAKE_SOCK: COULD NOT BIND TO PORT 443

Shalom,

Special permissions are required for Oracle to use a port under 1024. In actuality it is better to use an non-privileged port for Oracle Application's httpd server. Only root can start services that use ports below 1024 and to force oracle into this position would create a security hazard.

Oracle app server needs to own the binaries which conflicts with the root below 1024 rule.

For httpd services on port 443 the HP Apache releases from http://software.hp.com are more appropriate.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Francisco Morales
New Member

тАО09-27-2006 09:15 AM

тАО09-27-2006 09:15 AM

Re: [CRIT] (13)PERMISSION DENIED: MAKE_SOCK: COULD NOT BIND TO PORT 443

I'm afraid I'm stuck with the Apache server provided by Oracle.
0 Kudos
Reply
Jim Keeble
Trusted Contributor

тАО09-28-2006 12:45 AM

тАО09-28-2006 12:45 AM

Re: [CRIT] (13)PERMISSION DENIED: MAKE_SOCK: COULD NOT BIND TO PORT 443

As Stephen said,bind has to be done by the root user for the reserved ports, 1-1023.

It sounds as though they are trying to make the program run as root by setting the owner of the executable to root, and setting the setuid bit in the permissions. The permissions would be displayed rwsr-x--- and the file owned by root in your case.

I'm not real familiar with oracle and apache, but are your sure that .apachectl is really the executable? It sounds like maybe just a config file or something.

The application code could start as root, and then change it's effective uid to something more appropriate with setuid()after the bind() is done, if you don't want the program to run as root all the time.

You might also be able to use a port like 9443 and still use SSL for security.

I hope this helps. I'm not an expert in this area, but you asked for hints ...
0 Kudos
Reply
Marco A.
Esteemed Contributor

тАО09-28-2006 12:59 AM

тАО09-28-2006 12:59 AM

Re: [CRIT] (13)PERMISSION DENIED: MAKE_SOCK: COULD NOT BIND TO PORT 443

Oracle HTTP Server will not start on ports below 1024 because root privileges are needed to bind these ports. Also, steps to configure .apachectl have not been followed.


Perform the following steps to enable Oracle HTTP Server to run as root on ports below 1024:

Log in as root.

Run the following commands in the middle-tier Oracle home:

cd ORACLE_HOME/Apache/Apache/bin
chown root .apachectl
chmod 6750 .apachectl
Just unplug and plug in again ....
0 Kudos
Reply
Francisco Morales
New Member

тАО09-28-2006 05:49 AM

тАО09-28-2006 05:49 AM

Re: [CRIT] (13)PERMISSION DENIED: MAKE_SOCK: COULD NOT BIND TO PORT 443

Hi, Jim! Thank you for your answer. The problem I see by using a port over 1024 for SSL is that the students have to use that port in the URL and we do not want them to use a port. I'm not so expert, but I believe the only way to connect to the server with no port in the URL is configuring port 443 as a SSL port.
Marco, I already did what you suggested but it didn't work for me.
Actually I moved the OAS installation to another machine using backups from past January, and I was able of configuring the port 443 for SSL after doing the commands that Mario mentioned.
Then my next step is to restore my January backups to the machine I'm having problems with and try to do the same configuration. If it doesn't work, I don't know what else to do.
I'll keep you posted.
Thank you!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.