Switching UNIX/Linux to allow non-privileged users to bind to privileged ports would require fairly major modifications to the kernel. There's no runtime parameter that can be set to magically allow regular user accounts to bind to a privileged port.
Let's remember that the privileged port restriction is there for a reason, a very valid reason. Would you really want just any user on your server to be able to install a homegrown listener on port 80? I sure wouldn't...the potential for malicious use is huge. Imagine somebody getting a regular user account on one of Amazon.com's web servers in their web server farm, then installing a "web server" on port 80 (or 443) that would simply look for traffic starting with "3", "4" or "5" (first digits for valid credit cards) and copy the traffic to an external location. Sometimes it helps to consider the bigger picture. The people who wrote UNIX weren't stupid. They did things for a reason. Sometimes the reason seems silly, sometimes it seems outdated, but after review, it usually makes perfect sense. Linus and the rest of the Linux hackers could have easily changed this when they wrote the first Linux kernel, but they didn't. So, you've got two LARGE groups of people over a combined span of about 45 years (30+ for UNIX, 10 or so for Linux) choosing to make ports less than 1024 privileged. That's good enough for me...I'll devote my efforts to something else rather than trying to circumvent something that's so obviously there for good reason. John > -----Original Message----- > From: Vy Ho [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 05, 2002 3:48 PM > To: Tomcat Users List > Subject: RE: Why run tomcat as root > > > > Can unix admin configure his OS to let normal app to run port > 80? I say > this because Unix is very configurable. Why you have to do > so much coding > just to access port 80, why not just look at it a different way? > > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
