Resin: How can I bind to a port under 1024 and still run…
http://www.caucho.com/resin-3.0/install/faq.xtp#How-can-I-bind-to-a-port-under-1024-and-still-run-as-a-non-root-user?
How can I bind to a port under 1024 and still run as a non-root user?
I want to bind Resin to port 80, but my operating system only allows root to bind to ports under 1024. If I run Resin as root, it is a security risk. How can I start Resin as root but then change the user and group id after it is bound to the port?

Most Unix systems can simply use the <user-name> and <group-name> configuration tags.
New versions of Linux (with the new threading model) can also use <user-name>, but using "/sbin/iptables" may be a better solution. The Linux iptables rule maps port 80 requests to port 8080. This way, your Resin instance can start up as a normal user and listen on port 8080 without needing to start as root.
Linux 2.2.x: route port 80 to port 8080
/sbin/ipchains -A input -i eth+ -j REDIRECT 8080 -p tcp --destination-port 80
Linux 2.4.x: route port 80 to port 8080
/sbin/iptables -t nat -A PREROUTING -i eth+ -p tcp --dport 80 -j REDIRECT --to-port 8080
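The start-as-root, bind, then change user and group sequence the question asks about, sketched in C as an added example (not Resin's code; Resin does this through the <user-name> and <group-name> tags). The function name, port 80 and uid/gid 1001 in main() are assumed values for illustration.

```c
/* Added example: bind the listening socket first, then drop root for good. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1              /* exposes setgroups() on glibc */
#endif
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns a listening fd, or -1 on failure. uid/gid name the unprivileged
 * account to run as (hypothetical values chosen by the caller). */
int bind_then_drop(unsigned short port, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)          /* refuse a "drop" that keeps root */
        return -1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int on = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(port);
    /* Step 1: the only operation that needs root when port < 1024. */
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 16) < 0)
        goto fail;
    /* Step 2: drop supplementary groups, then gid, then uid. Once setuid()
     * has run, the process no longer has the right to change its groups. */
    if (geteuid() == 0 && setgroups(1, &gid) < 0)
        goto fail;
    if (setgid(gid) < 0 || setuid(uid) < 0)
        goto fail;
    /* Step 3: verify the drop is permanent; regaining root must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        goto fail;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        goto fail;
    return fd;
fail:
    close(fd);
    return -1;
}

int main(void)
{
    int fd = bind_then_drop(80, 1001, 1001);   /* assumed port and account */
    if (fd < 0) { fprintf(stderr, "bind or privilege drop failed\n"); return 1; }
    printf("listening on port 80 as uid %d\n", (int)getuid());
    close(fd);
    return 0;
}
```

With the iptables redirect above, none of this is needed: the server never holds root, so there is no privilege drop to get wrong.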








