Nonprivileged ports on solaris - UNIX for Dummies Questions & Answers

sssow · #1 (**permalink**) 01-06-2004

Is there a way to change a privileged TCP port (say 80) to a nonprivileged one..

kduffin · #2 (**permalink**) 01-06-2004

I believe that Solaris will only let you adjust the range, not specify on a per port basis. You can see the smallest (default 1024) using:

ndd -get /dev/tcp tcp_smallest_nonpriv_port

You can change it using:

ndd -set /dev/tcp tcp_smallest_nonpriv_port some#

I found a nice treatise on the subject at:

http://www.ncftpd.com/ncftpd/doc/misc/ephemeral_ports.html#Solaris

Cheers,

Keith

sssow · #3 (**permalink**) 01-07-2004

I have already tried to use ndd to set the smallest non privileged port, but it wont accept any thing below 1024.

RTM · #4 (**permalink**) 01-07-2004

From Sunsolve:

Quote:

In Solaris, the available range of TCP/IP ports is 0 to 65535. However, there are some restrictions that apply:

Ports in the range 0 to 1023 are reserved for privileged (root) services, such as telnetd, ftpd, and so on.

Ports in the range 1024 to tcp_smallest_anon_port-1 are used for user services such as NFS server daemon, FONT server, and so on.
This leaves the range 32768 to 65535 available for general TCP/IP connections. To limit the range of the port numbers allocated for the general use, the following two ndd(1M) parameters can be used:
tcp_smallest_anon_port:
This determines the smallest TCP port number that may be used for an anonymous connection. Solaris allocates anonymous ports above 32768. The default value is 32768.

tcp_largest_anon_port:
This is the largest TCP port number that may be used for anonymous connections. The default value of this is 65535.

You mention port 80 - are you trying to change where http will be going? If so, you can change to port inside (example Apache) the httpd.conf. If not, give more information on what you are trying to accomplish.

kduffin · #5 (**permalink**) 01-07-2004

sssow,

Maybe you should elaborate on the problem you are trying to solve, rather than the solution you are trying to use. Why do you want to have port 80 be non-privliged?

Keith

sssow · #6 (**permalink**) 01-08-2004

Sorry for not giving much details..We were trying to install Iplanet webserver as a non root user and it wont let us use standard port 80 as it is privileged one. I could install it with a different port like 8080.

dangral · #7 (**permalink**) 01-08-2004

If you want to install I-planet as a non-root user, you need to specify a port above 1024.

kduffin · #8 (**permalink**) 01-08-2004

Well, since you are on a Solaris system, you can use the built-in RBAC facility to allow a non-privilged user to have rights to bind the port. I believe that the privilges that whatever role you use would need to include 35, 53, 68 and 70.

Are you familiar with the Solaris RBAC facility?

Cheers,

Keith

kduffin · #9 (**permalink**) 01-08-2004

dangral is correct though - the easiest way would be to simply use a different port. Do you have a load balancer or proxy in front of your webservers?

Keith

sssow · #10 (**permalink**) 01-08-2004

For now we have installed using port 8080. There is no proxy or external load balancer used. We are trying this to evaluate a portal software. I am familiar with RBAC also..Thanks for all the information..

More UNIX and Linux Forum Topics You Might Find Helpful
Thread	Thread Starter	Forum	Replies	Last Post
USB Ports	eggfoot	UNIX for Dummies Questions & Answers	1	04-22-2008 10:19 AM
Ports...	TechKnow	UNIX for Dummies Questions & Answers	5	05-20-2004 08:34 AM
Ports	Yaki	UNIX for Dummies Questions & Answers	6	10-10-2002 09:07 AM
aggregate ethernet ports under Solaris	98_1LE	UNIX for Dummies Questions & Answers	4	02-13-2002 11:35 AM
ports	djatwork	UNIX for Dummies Questions & Answers	9	10-28-2001 11:34 AM

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode