2 replies Latest Post - ‏2011-03-30T20:37:23Z by SystemAdmin
462 Posts

Pinned topic IHS as non-root and ports < 1024

‏2011-03-29T18:43:53Z |
Easy pop-fly here.

I finally figured out the WCT and it appears to work well. One thing puzzles me tho.

We want to run everything non-root if we can - enterprise restrictions on root are getting pretty tight. We also like to run IHS on ports 80/443.

In the WCT when selecting the HTTP port, there is this verbiage:
"Running IBM HTTP Server without root or Administrative privileges might restrict use of ports below 1024."

So, the naive and childlike question is, why? What's magical about the ports below 1024?

Updated on 2011-03-30T20:37:23Z at 2011-03-30T20:37:23Z by SystemAdmin
  • SystemAdmin
    462 Posts

    Re: IHS as non-root and ports < 1024

    ‏2011-03-30T00:09:37Z  in response to SystemAdmin
    It's a traditional OS-imposed limitation that in part prevents user processes from masquerading as system daemons on known, low ports. Also prevents user processes blocking these same daemons from restarting.

    Starting IHS as root, and letting it drop privileges, is generally preferred. Otherwise, the nonroot user who starts IHS can no longer genuinely be called unprivileged yet is now also running all request processing code.

    Eric Covener
    IBM HTTP Server and Apache Development