Very good point, but what if the administrator him/herself grants this
access to this particular user?  Linux and Unix are all about flexibility,
right?  Yes, the kernel would have to be changed.  But I thought I already have
that, and if it's not, then it's worth a change, versus thousands and
thousands of developers having to work around it (take it millions).



On Thu, 5 Dec 2002, Turner, John wrote:

> 
> Switching UNIX/Linux to allow non-privileged users to bind to privileged
> ports would require fairly major modifications to the kernel.  There's no
> runtime parameter that can be set to magically allow regular user accounts
> to bind to a privileged port.
> 
> Let's remember that the privileged port restriction is there for a reason, a
> very valid reason.  Would you really want just any user on your server to be
> able to install a homegrown listener on port 80?  I sure wouldn't...the
> potential for malicious use is huge.  Imagine somebody getting a regular
> user account on one of Amazon.com's web servers in their web server farm,
> then installing a "web server" on port 80 (or 443) that would simply look
> for traffic starting with "3", "4" or "5" (first digits for valid credit
> cards) and copy the traffic to an external location.  
> 
> Sometimes it helps to consider the bigger picture.  The people who wrote
> UNIX weren't stupid.  They did things for a reason.  Sometimes the reason
> seems silly, sometimes it seems outdated, but after review, it usually makes
> perfect sense.  Linus and the rest of the Linux hackers could have easily
> changed this when they wrote the first Linux kernel, but they didn't.  So,
> you've got two LARGE groups of people over a combined span of about 45 years
> (30+ for UNIX, 10 or so for Linux) choosing to make ports less than 1024
> privileged.  That's good enough for me...I'll devote my efforts to something
> else rather than trying to circumvent something that's so obviously there
> for good reason.
> 
> John
> 
> > -----Original Message-----
> > From: Vy Ho [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, December 05, 2002 3:48 PM
> > To: Tomcat Users List
> > Subject: RE: Why run tomcat as root
> > 
> > 
> > 
> > Can a Unix admin configure his OS to let a normal app run on port 80?  I say
> > this because Unix is very configurable.  Why do you have to do so much coding
> > just to access port 80?  Why not just look at it a different way?
> > 
> > 
> > 
> > 
> > 
> > --
> > To unsubscribe, e-mail:   
> > <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail: 
> > <mailto:[EMAIL PROTECTED]>
> > 
> 

