How do I run HTTP server on port 80 using a non root user?
Post 302448209 by Corona688 on Wednesday 25th of August 2010 12:53:10 PM
Quote:
Originally Posted by Luka
Unprivileged user (non-root) cannot run a process that is listening on port below 1024.
Sure it can. Unprivileged programs can't open ports below 1024, but they can sure use them once they have them. If apache had the programming for it, it could open the port as root, then switch to an unprivileged user and continue to use the network socket. There are a few pitfalls in this however -- your logfiles may end up owned by root and give you 'permission denied' when apache tries to log anything, etc. This and other reasons may be why apache doesn't.
 

inndstart(8)                    InterNetNews Documentation                    inndstart(8)

NAME
inndstart - Start innd

SYNOPSIS
inndstart [-P port] [-I address] [innd-options]

DESCRIPTION
The purpose of inndstart is to raise system file descriptor limits, open the privileged news transfer port, and then start innd(8), passing it the open file descriptor for the news port. inndstart is used since only privileged programs can perform those two operations and since innd should not run privileged. It is installed setuid root and drops privileges to the news user (set at configure time) before running innd.

Normally there is no need to run inndstart directly. Instead, run rc.news(8) as the news user, and it will handle running inndstart appropriately for you.

Since inndstart is setuid root, it is extremely restrictive about who can run it and what it is willing to do. See the section on "SECURITY" for the full details. inndstart can only be run by the news user; if run by any other user, it will abort. It will also only bind to ports 119, 433, or a port number given at configure time with --with-innd-port among those ports below 1024, although it can bind to any port above 1024. This is to prevent various security exploits possible by binding to arbitrary privileged ports.

Before running innd, inndstart cleans out the environment and sets only those environment variables listed in the section on "ENVIRONMENT".

OPTIONS
    -P port
        Bind to port instead of whatever is specified by port in inn.conf(5). Note that this is subject to the constraints mentioned above.

    -I address
        Bind as address instead of whatever is specified by bindaddress in inn.conf(5). The default behavior is to bind to INADDR_ANY, and that's what's desired almost all the time. This option, and the inn.conf(5) parameter, may be useful if the machine has multiple interface cards and innd should only be listening on a particular one.

All other options given on the command line are passed verbatim to innd. In addition, inndstart will give the -p option to innd, specifying the file descriptor of the open network socket.

SECURITY
inndstart is setuid root, and therefore an expected point of attack. It has therefore been carefully written with security in mind. In a normal INN installation, it is installed setuid root and executable only by users in the news group.

Ideally, everything about inndstart's operations would be hard-coded so that it could not be modified. Fighting against this desire, however, is the ideal that as much of INN's operation as possible should be configurable at run-time using inn.conf(5), and the news system should be able to use an alternate inn.conf by setting INNCONF to the path to that file before starting any programs. The configuration data therefore can't be trusted. The security model used is:

    o   inndstart can only be executed by the news user and news group, as determined at configure time and compiled into inndstart as constants. Similarly, inndstart will always setuid() and setgid() to those users before running innd. This is to prevent a user other than news but in the news group from using inndstart to leverage that access into access to the news account.

    o   As mentioned above, inndstart will only bind to a very limited set of ports below 1024. There are various attacks that can be performed using random low-numbered ports, including exploits of the rsh family of commands on some systems.

    o   inndstart does as little as possible as root, dropping privileges before performing any operations that do not require elevated privileges.

This program therefore gives the news user the ability to revoke system file descriptor limits and bind to the news port, and nothing else.

DIAGNOSTICS
inndstart may log the following messages to syslog (like the rest of INN, syslog is the best place to find detailed debugging information):

    can't bind: %s
        (Fatal) Unable to bind to the designated port. This usually means that something else is already running on the news port. Check with netstat(8) and make sure that inetd(8) doesn't think it's running a service on the same port you're trying to run innd on.

    can't exec %s: %s
        (Fatal) inndstart was unable to execute innd. Make sure that pathbin is set correctly in inn.conf and that innd is located in that directory and is executable by the news user.

    can't getrlimit(NOFILE)
        (Warning) Unable to obtain the current system resource limit on file descriptors. Chances are something is wrong with the *rlimit() functions. The file descriptor limit was left unchanged from the system default.

    can't open socket: %s
        (Fatal) Something went wrong in creating the network socket. Chances are your system is out of resources of some kind.

    can't setgid(%d): %s
        (Fatal) Dropping privileges to the news group failed for some reason.

    can't setgroups: %s
        (Warning) Dropping all supplemental groups except the news group failed for some reason, and the process group membership was left unchanged. This message may indicate a minor security hole if the news user is in extra groups.

    can't setrlimit(NOFILE, %d)
        (Warning) Unable to set the system file descriptor limit to the specified value. Either that value is too high for your system or something else went wrong. The file descriptor limit was left unchanged. Try changing rlimitnofile in inn.conf to a smaller value.

    can't setsockopt: %s
        (Warning) inndstart attempts to set SO_REUSEADDR so that if innd exits, it can be restarted again immediately without waiting for the port to time out. For some reason, this failed, and that option was not set on the port.

    can't setuid(%d): %s
        (Fatal) Dropping privileges to the news user failed for some reason.

    can't stat pathrun (%s): %s
        (Fatal) pathrun as specified in inn.conf doesn't exist.

    getgrnam(%s) failed
        (Fatal) Unable to determine the GID for the compiled-in news group. Is the news group listed in /etc/group?

    getpwnam(%s) failed
        (Fatal) Unable to determine the UID for the compiled-in news user. Is the news user listed in /etc/passwd?

    invalid address %s
        (Fatal) -I was specified on the command line, but the argument wasn't a valid address. Addresses must be given as numeric IP addresses.

    invalid bindaddress in inn.conf (%s)
        (Fatal) The bindaddress specified in inn.conf could not be converted to an IP address. See inn.conf(5) for more information about valid values.

    invalid port %s
        (Fatal) -P was specified on the command line, but the argument wasn't a valid port. Ports must be port numbers; service names are not allowed.

    missing address after -I
        (Fatal) -I was given on the command line, but no address was given after the option.

    missing port after -P
        (Fatal) -P was given on the command line, but no port was given after the option.

    pathrun (%s) not a directory
        (Fatal) pathrun as specified in inn.conf isn't a directory. This is where innd will create its local control socket; it should always be a directory.

    pathrun (%s) owned by group %d, not %s (%d)
        (Fatal) pathrun specified in inn.conf must be owned by the news group. This is checked for security reasons.

    pathrun (%s) owned by user %d, not %s (%d)
        (Fatal) pathrun specified in inn.conf must be owned by the news user. This is checked for security reasons.

    ran by GID %d, who isn't %s (%d)
        (Fatal) Someone not in the news group attempted to run inndstart. If you were running inndstart as the news user, make sure that the news user's default group is the news group you picked at compile time (`news' by default).

    ran by UID %d, who isn't %s (%d)
        (Fatal) Someone other than the news user attempted to run inndstart. inndstart may only be run by the news user for security reasons.

    seteuid(%d) failed: %s
        (Fatal) Unable to change the effective UID. This usually means that inndstart was installed with the wrong permissions. If it does have the correct permissions (setuid root) and seteuid() to root (UID 0) is failing, this may mean that your system has seteuid() but doesn't have support for POSIX saved UIDs. If this is the case, please report this to the INN maintainers.

    setreuid(%d, %d) failed: %s
        (Fatal) Unable to change the real and effective UIDs. This message usually means that inndstart was installed with the wrong permissions.

    tried to bind to port %d
        (Fatal) inndstart was told to bind to a low numbered port (under 1024) other than 119, 433, or a port number given at configure time. This is not allowed for security reasons.

EXAMPLES
Normally, inndstart is never run directly. However, a simple way to just restart innd without running any other auxiliary programs or performing any of the other checks done by rc.news(8) is to just run:

    inndstart

as the news user. To start innd on port 433, passing it the `-c21' option, use:

    inndstart -P433 -c21

ENVIRONMENT
One environment variable affects the operation of inndstart itself:

    INNCONF
        The full path to the inn.conf(5) file to read, rather than the default. This can be used to run multiple copies of INN on the same machine with different settings.

When executing innd, inndstart cleans out the entire environment and sets only the following variables:

    BIND_INADDR
        Passed verbatim from inndstart's environment. This is apparently used on Linux.

    HOME
        Set to pathnews from inn.conf.

    LOGNAME
        Set to the news master, as determined at configure time.

    PATH
        Set to pathbin from inn.conf, pathetc from inn.conf, and then /bin, /usr/bin, and /usr/ucb in that order.

    SHELL
        Set to the path to the system Bourne shell as determined by configure (probably /bin/sh).

    TMPDIR
        Set to pathtmp from inn.conf.

    TZ
        Passed verbatim from inndstart's environment.

    USER
        Set to the news master, as determined at configure time.

FILES
    inn.conf
        Read for pathnews, pathbin, pathrun, pathtmp, rlimitnofile, bindaddress, and port.

    pathbin/innd
        The binary that is executed as innd and passed the open network socket.

    pathrun
        Checked for existence and the right ownership.

HISTORY
Written by Russ Allbery <rra@stanford.edu> for InterNetNews.

$Id: inndstart.8,v 1.2 1999/10/23 16:25:47 rra Exp $

SEE ALSO
inn.conf(5), innd(8)

3rd Berkeley Distribution                        INN 2.3                          inndstart(8)
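The pattern Corona688 describes (open the privileged port as root, then switch to an unprivileged user and keep using the socket) is exactly the one inndstart implements, together with a refusal to bind arbitrary low ports and a check that the privilege drop really stuck. The program below is an added example written for this page; it is not code from the forum post and not the INN project's inndstart. The function names (port_allowed, open_listen_socket, bound_port, drop_privileges), the allowlist constant DEFAULT_ALLOWED and the ports in it, and the uid/gid arguments are all constructed for illustration. It goes a little beyond inndstart in that the allowlist is a table rather than a compiled-in pair of ports, and it serves a trivial HTTP reply itself instead of exec'ing another daemon, so the "still usable after the drop" property is visible directly.

```c
/* Added example (not from the forum post or from INN): bind a listening socket
 * while privileged, refuse low ports not on an allowlist, then drop to an
 * unprivileged uid/gid permanently and keep serving on the already-bound fd.
 * All identifiers and the allowlist values below are hypothetical. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed allowlist: the only ports below 1024 this helper will bind.
 * inndstart's equivalent is the compiled-in pair 119/433. */
static const int DEFAULT_ALLOWED[] = { 80, 119, 433 };
#define N_ALLOWED (sizeof DEFAULT_ALLOWED / sizeof DEFAULT_ALLOWED[0])

/* 1 if port may be bound: any valid port >= 1024, or a listed low port. */
int port_allowed(int port, const int *allowed, size_t n) {
    if (port <= 0 || port > 65535) return 0;
    if (port >= 1024) return 1;          /* unprivileged range needs no policy */
    for (size_t i = 0; i < n; i++)
        if (allowed[i] == port) return 1;
    return 0;                            /* arbitrary privileged port: refuse */
}

/* Create, bind and listen on addr:port. Returns the fd, or -1 with errno set.
 * For port < 1024 this must run before privileges are dropped. */
int open_listen_socket(const char *addr, int port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int one = 1;
    /* SO_REUSEADDR so a restart does not have to wait out TIME_WAIT. */
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one) < 0) { close(fd); return -1; }
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons((uint16_t)port);
    if (inet_pton(AF_INET, addr, &sin.sin_addr) != 1) { close(fd); errno = EINVAL; return -1; }
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0 || listen(fd, 128) < 0) {
        int saved = errno; close(fd); errno = saved; return -1;
    }
    return fd;
}

/* Port the kernel actually assigned (meaningful when 0 was requested). */
int bound_port(int fd) {
    struct sockaddr_in sin; socklen_t len = sizeof sin;
    if (getsockname(fd, (struct sockaddr *)&sin, &len) < 0) return -1;
    return ntohs(sin.sin_port);
}

/* Drop to uid/gid for good: supplementary groups first, then gid, then uid
 * (the reverse order would leave us unable to change the gid). Afterwards
 * verify that root cannot be regained. Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0) {
        /* Only root may clear supplementary groups; keeping them is the
         * "minor security hole" the inndstart diagnostics warn about. */
        if (setgroups(0, NULL) < 0) return -1;
    }
    if (setgid(gid) < 0) return -1;
    if (setuid(uid) < 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;   /* drop was not permanent */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* usage: ./a.out PORT UID GID   (run as root to bind a port below 1024) */
int main(int argc, char **argv) {
    if (argc != 4) { fprintf(stderr, "usage: %s port uid gid\n", argv[0]); return 2; }
    int port = atoi(argv[1]);
    uid_t uid = (uid_t)atoi(argv[2]);
    gid_t gid = (gid_t)atoi(argv[3]);
    if (!port_allowed(port, DEFAULT_ALLOWED, N_ALLOWED)) {
        fprintf(stderr, "tried to bind to port %d: not allowed\n", port); return 1;
    }
    int fd = open_listen_socket("0.0.0.0", port);      /* still privileged here */
    if (fd < 0) { perror("can't bind"); return 1; }
    if (drop_privileges(uid, gid) < 0) { perror("can't drop privileges"); return 1; }
    /* From here on the process is unprivileged but the bound fd keeps working. */
    int c = accept(fd, NULL, NULL);
    if (c < 0) { perror("accept"); return 1; }
    const char *resp = "HTTP/1.0 200 OK\r\nContent-Length: 3\r\n\r\nok\n";
    if (write(c, resp, strlen(resp)) < 0) perror("write");
    close(c);
    close(fd);
    return 0;
}
```

Started as root with a target uid/gid (for instance the numeric ids of a dedicated service account), the process accepts one connection on the chosen port while `ps -o user,pid,cmd` shows it running as that account. The order inside drop_privileges matters: setgroups() and setgid() only succeed while still root, and the post-drop setuid(0) probe is what distinguishes a permanent drop from a temporary one. The pitfall from the post also applies here: anything the process needs to write after the drop (logs, pid files) must be writable by the target user, not by root.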