
Open a port

 
Simone Benzi_1
Frequent Advisor

Open a port

Hello,

How to bind a process to a port less than 1025 with a NON root account?

I need it for a SAP portal: default web port is 50000 and I need it on port 80. The java user (UID 103) that should start SAP web server (not Apache, iPlanet....) shows:

Unable to create server socket.
Perhaps another process is using port 80.

Nobody is using port 80: the problem is related to the user privilege, but I do not want to run it as root!

Regards,

Simone
17 REPLIES
Robert-Jan Goossens
Honored Contributor

Re: Open a port

Hi Simone,

Check if port 80 is disabled/commented out in the /etc/services file.

# grep 80 /etc/services
http 80/tcp www # World Wide Web HTTP
http 80/udp www # World Wide Web HTTP

Regards,
Robert-Jan
Simone Benzi_1
Frequent Advisor

Re: Open a port

Hi,

services file is still the default one with:

http 80/tcp www # World Wide Web HTTP
http 80/udp www # World Wide Web HTTP

Simone
Robert-Jan Goossens
Honored Contributor

Re: Open a port

Well, try to comment them out

#http 80/tcp www # World Wide Web HTTP
#http 80/udp www # World Wide Web HTTP

use lsof -i | grep 80
to check if someone is using these ports.

Regards,
Robert-Jan
Muthukumar_5
Honored Contributor

Re: Open a port

hai,

We can use the bindresvport(3N) call to bind on the privileged port. Check whether port 80 is in use with the netstat call.

Check the success of bind with its return type.

Regards,
Muthukumar.
Easy to suggest when don't know about the problem!
Simone Benzi_1
Frequent Advisor

Re: Open a port

Hi,

Nobody is using port 80: the problem is that I can not bind such port to a process with a non-root user.
Muthukumar: how can I use bindresvport?

Simone
Muthukumar_5
Honored Contributor

Re: Open a port

hai,

Create a socket with the socket call. Use the struct sockaddr_in from netinet/in.h to know its format.

bindresvport will work as in the http://www.linuxtv.org/cgi-bin/cvsweb.cgi/dietlibc/librpc/bindresvport.c?rev=1.4 example.

It will try to bind in the reserved ports. Assign the port to 80 and check for it.

Regards,
Muthukumar.
Easy to suggest when don't know about the problem!
rick jones
Honored Contributor

Re: Open a port

The entire point of port numbers being "privileged" is that they cannot be allocated by non-root users. If there were an (easy) way for a non-root user to bind to a privileged port, there wouldn't be much point to the port being privileged.

Now, what is typically done is to launch an application as root, allocate the socket, bind it to the privileged port, and then change from root to non-root.

If the application cannot start as root, it will have to use a non-privileged port. Period.

Now, having said that, the system administrator (aka root) can use ndd (11.X) to change the range of ports that are privileged - iirc the setting is called tcp_smallest_nonpriv_port or somesuch. But only root can do that.

Just why do you "need" it to be port 80? Do you have software that is broken and thinks that http is only ever to port 80 or something?
there is no rest for the wicked yet the virtuous have no pillows
support_5
Super Advisor

Re: Open a port

That's right, you can change HP-UX so that the smallest non-privileged port is 80, thus you won't need to be root to bind to it.

use ndd: ndd -set /dev/tcp tcp_smallest_nonpriv_port 80

Don't forget to edit your /etc/rc.config.d/nddconf

TRANSPORT_NAME[0]=tcp
NDD_NAME[0]=tcp_smallest_nonpriv_port
NDD_VALUE[0]=80
#(Don't forget to increment the index number, in the example above it is 0, but make it one higher than the highest index number in your nddconf file.)

Note however that doing this will reduce security since your privileged ports are no longer privileged. However this really isn't a big deal since this isn't much of a security measure anyway.

It would be nice if HP-UX could allow a way for Admins to make a single exception to the privileged port dilemma. Wouldn't it be nice if you could have a list of ports in the privileged range that were NOT privileged, such as 80? That way, you wouldn't have to go through the process of switching users once you had the port opened. How about a feature request???

- Andrew Gray
support_5
Super Advisor

Re: Open a port

Don't forget to assign points. Ta
- Andrew Gray
Simone Benzi_1
Frequent Advisor

Re: Open a port

Hello,

Thanks to all answers (points will surely follow), but ndd fails with this error:

# ndd -set /dev/tcp tcp_smallest_nonpriv_port 80
operation failed, Invalid argument


(Note that kernel parameter STRMSGSZ is 65535: should be enough).

Is it possible to set this tcp parameter?

Regards,

Simone
Fabio Ettore
Honored Contributor

Re: Open a port

Ciao Simone,

Have you already seen this doc in the ITRC knowledge base?

KBRC00012155 - ndd -get & -set error message: invalid argument operation failed

It seems that you should have STRMSGSZ equal to 0 in order to change that parameter.

HTH.

Best regards,
Ettore
WISH? IMPROVEMENT!
Muthukumar_5
Honored Contributor
Solution

Re: Open a port

hai,

Operation of
# ndd -set /dev/tcp tcp_smallest_nonpriv_port 80 will be like
operation failed, Invalid argument..,

because it is an UNSUPPORTED ndd tunable parameter on HP-UX.

Execute the command like

# ndd -h unsupported | grep priv

It can not be tuned with that command. The way you can use the bindresvport() command.

=== man page ===
The bindresvport() function binds a socket descriptor to a privileged
IP port; that is, a port number in the range 0 to 1023

================

Regards,
Muthukumar.
Easy to suggest when don't know about the problem!
Simone Benzi_1
Frequent Advisor

Re: Open a port

Ciao,

Even with STRMSGSZ=0 the problem is the same:

# kmtune |grep STRMSGSZ
STRMSGSZ 0 - 0
#ndd -set /dev/tcp tcp_smallest_nonpriv_port 80
operation failed, Invalid argument

Are you sure this is a configurable tcp parameter?

Simone
support_5
Super Advisor

Re: Open a port

Hi,

Yes, you're right, it doesn't work, does it. I don't know why, I was only going by the documentation from HP (see attached). I'm out of ideas. Anyone else?

- Andrew Gray
rick jones
Honored Contributor

Re: Open a port

You might try to see what happens if you try to make it larger than 1024/1025. It may also have interaction with the other "port" settings.
there is no rest for the wicked yet the virtuous have no pillows
support_5
Super Advisor

Re: Open a port

Yep, I tried setting it higher than 1024 and it would work, but anything less would fail. Don't know what that means. But there you have it.

- Andrew Gray
rick jones
Honored Contributor

Re: Open a port

On the surface it suggests that the folks doing the stack decided that < 1024 being root was sacrosanct.

BTW, what is the reason you cannot have this thing listening on port 50000 like its default again?
there is no rest for the wicked yet the virtuous have no pillows