HPE Community
Operating System - HP-UX
1832086 Members
3263 Online
110037 Solutions
New Discussion

non-root access to port 80

 
SOLVED
Go to solution
Peter Heinemann
Frequent Advisor

‎06-06-2003 05:28 AM

‎06-06-2003 05:28 AM

non-root access to port 80

Good Day,

We'd like, if possible to have a non-root process start a web server (Weblogic) and bind to port 80.

We realize that the standard is that ports below 1024 are generally protected for root only. We also notice, however, that apache attaches to port 80 via the www account rather than root.
How does it do this, so how can we do it for a non-root account.

Thx.
0 Kudos
Reply
2 REPLIES 2
Elena Leontieva
Esteemed Contributor

‎06-06-2003 05:46 AM

‎06-06-2003 05:46 AM

Solution

Re: non-root access to port 80

Peter,

Hope this info will help.
To configure WebLogic Server to run on port 80, set the following
properties in the weblogic.properties file:

weblogic.system.listenPort=integer
weblogic.system.enableSetUID=boolean
weblogic.system.nonPrivUser=UNIXusername
weblogic.system.enableSetGID=boolean
weblogic.system.nonPrivGroup=UNIXgroupname

Unix systems require that you use a privileged user account (usually
root) to bind a process to a port less than 1025. Consequently,
if you want the WebLogic Server to listen on port 80, you must start
the WebLogic Server as a privileged user. It is not desirable
(from a security standpoint) to allow long-running processes
(such as WebLogic Server) to run with more privileges than necessary.
However, once the port binds, WebLogic will no longer need root
privileges.

You enable an internal process by setting the weblogic.system.enableSetUID
property (and, if desired, the weblogic.system.enableSetGID property) to
true. The WebLogic Server uses this internal process to switch its UNIX
user ID (UID) after it binds to port 80. The companion properties,
weblogic.system.nonPrivUser and weblogic.system.nonPrivGroup, identify
a non-privileged UNIX user account (and optionally a groupname) under
which WebLogic will run after startup.

If necessary, you may create a Unix user account expressly for running
the WebLogic Server. Make sure that files needed by the WebLogic
Server, such as log files and the WebLogic classes, are accessible
by the non-privileged user. Once ownership of the WebLogic process
has switched to the non-privileged user, WebLogic will have the same
read, write, and execute permissions as the non-privileged user.

See the following URL (Uniform Resource Locator) for more information:

http://www.weblogic.com/docs45/admindocs/properties.html

Elena.
Reply
Peter Heinemann
Frequent Advisor

‎06-06-2003 06:26 AM

‎06-06-2003 06:26 AM

Re: non-root access to port 80

thanks, Elena, that's the trick (although with the current version of 7.0 it's in config.xml which we set through the console).
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.