SUMMARY: Port 80 for a non-root user

From: Matthias Heinitz (
Date: Thu Dec 21 1995 - 01:25:30 CST

Dear colleagues:

First of all, many thanks go to:

Mike Fletcher <>
Justin Young <> (William C. DenBesten) (Sean OKelly)
Reto Lichtensteiger <>
Ian MacPhedran <Ian_MacPhedran@engr.USask.Ca>
Gregory Bond <>
stanley@OCE.ORST.EDU (John Stanley)
"Brian T. Wightman" <>
Markus Storm <> (Anatoly M. Lisovsky)
bern@TI.Uni-Trier.DE (Jochen Bern)
Richard Pieri <> (Viet Q. Hoang)


>I have been given the task to install a W3 server that shall
>be administered by a user which is not root. The default port
>shall be 80 since other port numbers have to be added to the

I forgot to mention: Administration does also include restarting
the http-daemon after editing the config-file. The motivation to
admit a non-root user to start the daemon is that the server is
dedicated to a research group which is rapidly growing. Thus, we
expect a frequent change of the config-files due to several groups
with different access permissions. The sysadmin (which is me)
shall not be bothered with this task.

>OS: Solaris 2.3; W3-Daemon: CERN_3.0

>My questions are:

>1. If using a port !=80, e.g. 8080: Is there any possibility
> to eliminate the port number from the URL (for example, by
> aliasing) ?

Three solutions:
1) Write setuid program that restarts httpd. However, this
   cannot be recommended because it represents a security hole.
2) Run a proxy server on port 80 that redirects everything to 8080.
3) Cron job (e.g. daily) that restarts httpd).
I decided for solution 2).

>2. Is it possible to admit the use of port 80 to a "normal"
> user ? If yes, what is the procedure ?

No, impossible, because the OS limits the use of ports < 1024.

>3. I have tried to install httpd under inetd:
> step 1: # chmod 755 /etc/httpd/bin/httpd
> step 2: entry in /etc/services:
> "http 80/tcp"
> step 3: entry in /etc/inetd.conf:
> "http stream tcp nowait root /etc/httpd/bin/httpd
> httpd -r /etc/.../httpd.conf"
> step 4: restart of inetd-daemon
> It failed with the error message:
> HTTPD ERROR: Bad setup: Can't bind and listen on port.
> Explanation: Possibly server already running, or if running
> from inetd make sure you're not using -p flag or Port directive
> However, on that host there is no further W3 daemon and no process
> using port 80.
> a) Any solution for this problem ?

Several suggestions (incorrect flag setup for httpd, "ServerType standalone"
not set, "ServerType inetd" not set, p-flag set/not set), but all failed.
Who knows ...

> b) Can a non-root user administer the httpd-daemon when running under
> inetd ?

See above.

Thanks again.

I wish all of you a Merry Christmas and a Happy New Year !!


_________________________________________________________________________ Dipl.-Ing. Matthias Heinitz
                                     Inst. f. Theoretische Elektrotechnik
                                     Universitaet Hannover
Tel: +49 511 762 3250 Appelstr. 9A _/_/_/_/_/_/_/_/_/_/
Fax: +49 511 762 3204 30167 Hannover _/ _/_/ _/
URL: Germany _/ _/_/_/ _/

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:35 CDT