Hi, all ports below 1024 are privileged ports on Unix/Linux. Only root is allowed to listen on them. To start a web server on port 80, the process must start as root. To drop privileges servers use setgid and setuid after the call to listen (in that order; otherwise you are not able to change your group id after dropping your user id root).
This happens in tntnet when setting the option "user" and "group" in tntnet.xml. The setting is not used when starting a standalone application like Raphael does. You have to do it at your own. One more note: you have to be really careful, what to do before setgid/setuid. Especially it is really recommended to initialize logging after that. Otherwise the log file may be created with owner root and e.g. file rollling won't work. Tommi Am 24.05.2015 um 21:59 schrieb Jonas Platte: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Usually, the system only allows root to bind program to a port below a > certain number (1000 or 1024 I think). > > What you can do is start tntnet as root and set it up to switch to a > certain user to restrict what the webapp is allowed to do (through > TntConfig [1] in a standalone tntnet app or through the "user" option > in the tntnet config file [2]); > or if you want to have different sites available on port 80, you can > set up a reverse proxy on the server that listens on port 80 (here [3] > is an example using nginx, but you'll find this feature in almost all > webservers). > > [1] > http://www.tntnet.org/apidoc/html/structtnt_1_1TntConfig.html#a2c4555c34 > 83c422dba7142bc4800348e > [2] http://www.tntnet.org/man/tntnet.xml.7.html > [3] http://nginx.com/resources/admin-guide/reverse-proxy/ > > Am 24.05.2015 um 21:47 schrieb Raphael Fuchs: >> Hello, >> >> as a complete newbie to running my own webserver I have a basic >> question on how to start the webserver corretly. If I try to start >> the webserver as a normally priviledged user on port 80 I get a >> bind error. If I start myapp -p 80 as root it works fine and I can >> see the webpage in my browser without adding a port to the url. >> >> Is there a way to start the server on port 80 without beeing root? >> >> Thank you! Raphael >> >> >> >> ---------------------------------------------------------------------- > - -------- >> > One dashboard for servers and applications across Physical-Virtual-Cloud >> Widest out-of-the-box monitoring support with 50+ applications >> Performance metrics, stats and reports that give you Actionable >> Insights Deep dive visibility with transaction tracing using APM >> Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y >> >> >> >> _______________________________________________ Tntnet-general >> mailing list [email protected] >> https://lists.sourceforge.net/lists/listinfo/tntnet-general >> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJVYi2cAAoJEChniccSSv3ruHoIAJEOk5MCmIYoQ2Oj77bCOBBg > s+7IyVRcstcqaA6usUPUt2BDJ+zX2q6K/NqOy4YZ4bgTB5+a5g8y2+N1+YjLna98 > lvnmH2ps6x+cPbe2DlhgGRBYYgkOX7ugF0W5oqpFSdHTfYeQBjavhc0yB3jurE8D > UaMV08PPX63QLZNEJmmkU6llEpsF7iIu1n6hOzQjeh4BYZKWTLDYT3DjRjTVoMsx > yghxpHsBsYO+vNcDVAv6M172Vx73y1rRmLOdFizaop994gwBKFw5cYc9s/ak+Zfy > cQWCb1tW4UjRYaDzFl1jpdUtXNZeJurweQqcNyOEK27kzAwD/NnBXJ8LIJCw9AQ= > =6KOI > -----END PGP SIGNATURE----- > > ------------------------------------------------------------------------------ > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > _______________________________________________ > Tntnet-general mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/tntnet-general ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ Tntnet-general mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tntnet-general
