I assume some of you have run into this error before when trying to run mongrel on port 80 (or another port < 1024) in OSX: $ mongrel_rails start -p 80 ** Starting Mongrel listening at 0.0.0.0:80 /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/tcphack.rb:12:in `initialize_without_backlog'': Permission denied - bind(2) (Errno::EACCES) from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/tcphack.rb:12:in `initialize'' from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel.rb:536:in `initialize'' from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/configurator.rb:128:in `listener'' from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/bin/mongrel_rails:96:in `cloaker_'' from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/configurator.rb:51:in `initialize'' from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/bin/mongrel_rails:83:in `run'' from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/command.rb:211:in `run'' from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14 /bin/mongrel_rails:235 from /usr/local/bin/mongrel_rails:18 Mongrel runs without sudo on all other ports > 1024 otherwise. Anyone have the reason that these ports require sudo? Matt -- ------------------ Matt Pelletier http://www.eastmedia.com -- EastMedia http://www.informit.com/title/0321483502 -- The Mongrel Book http://identity.eastmedia.com -- OpenID, Identity 2.0 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/mongrel-users/attachments/20061116/410598e4/attachment.html
On 16.11.2006, at 19.37, Matt Pelletier wrote:> Mongrel runs without sudo on all other ports > 1024 otherwise. > Anyone have the reason that these ports require sudo?I think it is pretty common to require sudo to run on privileged ports. I guess it might be because otherwise any user could start acting as the web server in the internet (assuming the port is not blocked by a firewall). //jarkko -- Jarkko Laine http://jlaine.net http://dotherightthing.com http://www.railsecommerce.com http://odesign.fi -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2417 bytes Desc: not available Url : http://rubyforge.org/pipermail/mongrel-users/attachments/20061116/74e5471d/attachment.bin
On UNIX-derived systems, ports below 1024 are privileged and can only be accessed as root. On Nov 16, 2006, at 11:37 AM, Matt Pelletier wrote:> I assume some of you have run into this error before when trying to > run mongrel on port 80 (or another port < 1024) in OSX: > > $ mongrel_rails start -p 80 > ** Starting Mongrel listening at 0.0.0.0:80 > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/ > tcphack.rb:12:in `initialize_without_backlog'': Permission denied - > bind(2) (Errno::EACCES) > from /usr/local/lib/ruby/gems/1.8/gems/mongrel- 0.3.14/lib/ > mongrel/tcphack.rb:12:in `initialize'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/ > mongrel.rb:536:in `initialize'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/ > mongrel/configurator.rb:128:in `listener'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/bin/ > mongrel_rails:96:in `cloaker_'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/ > mongrel/configurator.rb:51:in `initialize'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel- 0.3.14/bin/ > mongrel_rails:83:in `run'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/ > mongrel/command.rb:211:in `run'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/bin/ > mongrel_rails:235 > from /usr/local/bin/mongrel_rails:18 > > Mongrel runs without sudo on all other ports > 1024 otherwise. > Anyone have the reason that these ports require sudo? > > Matt > > -- > ------------------ > Matt Pelletier > http://www.eastmedia.com -- EastMedia > http://www.informit.com/title/0321483502 -- The Mongrel Book > http://identity.eastmedia.com -- OpenID, Identity 2.0 > _______________________________________________ > Mongrel-users mailing list > Mongrel-users at rubyforge.org > http://rubyforge.org/mailman/listinfo/mongrel-users-------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/mongrel-users/attachments/20061116/b48c0634/attachment.html
On 11/16/06, Matt Pelletier <eastmedianyc at gmail.com> wrote:> I assume some of you have run into this error before when trying to run > mongrel on port 80 (or another port < 1024) in OSX: > > $ mongrel_rails start -p 80 > ** Starting Mongrel listening at 0.0.0.0:80 > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/tcphack.rb:12:in > `initialize_without_backlog'': Permission denied - bind(2) (Errno::EACCES) > from /usr/local/lib/ruby/gems/1.8/gems/mongrel- > 0.3.14/lib/mongrel/tcphack.rb:12:in `initialize'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel.rb:536:in > `initialize'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/configurator.rb:128:in > `listener'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/bin/mongrel_rails:96:in > `cloaker_'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/configurator.rb:51:in > `initialize'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel- > 0.3.14/bin/mongrel_rails:83:in `run'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/command.rb:211:in > `run'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/bin/mongrel_rails:235 > from /usr/local/bin/mongrel_rails:18 > > Mongrel runs without sudo on all other ports > 1024 otherwise. Anyone have > the reason that these ports require sudo? > > Matt > > -- > ------------------ > Matt Pelletier > http://www.eastmedia.com -- EastMedia > http://www.informit.com/title/0321483502 -- The Mongrel > Book > http://identity.eastmedia.com -- OpenID, Identity 2.0 > _______________________________________________ > Mongrel-users mailing list > Mongrel-users at rubyforge.org > http://rubyforge.org/mailman/listinfo/mongrel-users > >Matt, Port numbers 0 to 1024 are reserved for privileged services and designated as well-known ports. Here is a list: http://www.webopedia.com/quick_ref/portnumbers.asp sudo is required to protect against interference with core services like ssh, http, example. Hope this helps. -- Zack Chandler http://depixelate.com
On 11/16/06, Matt Pelletier <eastmedianyc at gmail.com> wrote:> I assume some of you have run into this error before when trying to run > mongrel on port 80 (or another port < 1024) in OSX:[snip]> Mongrel runs without sudo on all other ports > 1024 otherwise. Anyone have > the reason that these ports require sudo?Because the first 1024 ports are priveledged ports on unix-like operating systems. Regular users can''t use them. It''s not a Mongrel issue. Kirk Haines
Ezra Zygmuntowicz
2006-Nov-16 20:42 UTC
[Mongrel] OSX requires sudo for using ports < 1024
Matt- All unix style operating systems require root access to use any port less than 1024. Its just a fact of life on any linux, bsd or osx system. Cheers- -Ezra On Nov 16, 2006, at 9:37 AM, Matt Pelletier wrote:> I assume some of you have run into this error before when trying to > run mongrel on port 80 (or another port < 1024) in OSX: > > $ mongrel_rails start -p 80 > ** Starting Mongrel listening at 0.0.0.0:80 > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/ > tcphack.rb:12:in `initialize_without_backlog'': Permission denied - > bind(2) (Errno::EACCES) > from /usr/local/lib/ruby/gems/1.8/gems/mongrel- 0.3.14/lib/ > mongrel/tcphack.rb:12:in `initialize'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/ > mongrel.rb:536:in `initialize'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/ > mongrel/configurator.rb:128:in `listener'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/bin/ > mongrel_rails:96:in `cloaker_'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/ > mongrel/configurator.rb:51:in `initialize'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel- 0.3.14/bin/ > mongrel_rails:83:in `run'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/ > mongrel/command.rb:211:in `run'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/bin/ > mongrel_rails:235 > from /usr/local/bin/mongrel_rails:18 > > Mongrel runs without sudo on all other ports > 1024 otherwise. > Anyone have the reason that these ports require sudo? > > Matt > > -- > ------------------ > Matt Pelletier > http://www.eastmedia.com -- EastMedia > http://www.informit.com/title/0321483502 -- The Mongrel Book > http://identity.eastmedia.com -- OpenID, Identity 2.0 > _______________________________________________ > Mongrel-users mailing list > Mongrel-users at rubyforge.org > http://rubyforge.org/mailman/listinfo/mongrel-users-- Ezra Zygmuntowicz -- Lead Rails Evangelist -- ez at engineyard.com -- Engine Yard, Serious Rails Hosting -- (866) 518-YARD (9273)
On Thu, 16 Nov 2006 12:37:16 -0500 "Matt Pelletier" <eastmedianyc at gmail.com> wrote:> I assume some of you have run into this error before when trying to run > mongrel on port 80 (or another port < 1024) in OSX:<snip>> Mongrel runs without sudo on all other ports > 1024 otherwise. Anyone have > the reason that these ports require sudo?That''s from the old days where everyone liked everyone on the internet and only trusted people ran the computers. Back then, if a service was running below 1024 it could only be run by root, and since only trusted professionals could become root it meant the service was more likely to be safe. Of course we now know that''s all a bunch of horseshit, but that''s the way it is. The "fix" is to run it with sudo, but tell mongrel to become you afterwards: sudo mongrel_rails start -p 80 --user mattp --group users Then, it''ll bind to port 80, but still run as you so your file permissions aren''t all screwed up later. -- Zed A. Shaw, MUDCRAP-CE Master Black Belt Sifu http://www.zedshaw.com/ http://www.awprofessional.com/title/0321483502 -- The Mongrel Book http://mongrel.rubyforge.org/ http://www.lingr.com/room/3yXhqKbfPy8 -- Come get help.
That''s standard UNIX rules. You should find the same behavior on *BSD or Linux. On 11/16/06, Matt Pelletier <eastmedianyc at gmail.com> wrote:> I assume some of you have run into this error before when trying to run > mongrel on port 80 (or another port < 1024) in OSX: > > $ mongrel_rails start -p 80 > ** Starting Mongrel listening at 0.0.0.0:80 > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/tcphack.rb:12:in > `initialize_without_backlog'': Permission denied - bind(2) (Errno::EACCES) > from /usr/local/lib/ruby/gems/1.8/gems/mongrel- > 0.3.14/lib/mongrel/tcphack.rb:12:in `initialize'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel.rb:536:in > `initialize'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/configurator.rb:128:in > `listener'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/bin/mongrel_rails:96:in > `cloaker_'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/configurator.rb:51:in > `initialize'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel- > 0.3.14/bin/mongrel_rails:83:in `run'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/command.rb:211:in > `run'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/bin/mongrel_rails:235 > from /usr/local/bin/mongrel_rails:18 > > Mongrel runs without sudo on all other ports > 1024 otherwise. Anyone have > the reason that these ports require sudo? > > Matt > > -- > ------------------ > Matt Pelletier > http://www.eastmedia.com -- EastMedia > http://www.informit.com/title/0321483502 -- The Mongrel > Book > http://identity.eastmedia.com -- OpenID, Identity 2.0 > _______________________________________________ > Mongrel-users mailing list > Mongrel-users at rubyforge.org > http://rubyforge.org/mailman/listinfo/mongrel-users > >-- Cheers, Kevin Williams http://www.almostserio.us/ "Any sufficiently advanced technology is indistinguishable from Magic." - Arthur C. Clarke
> I assume some of you have run into this error before when trying to run > mongrel on port 80 (or another port < 1024) in OSX: > > $ mongrel_rails start -p 80 > ** Starting Mongrel listening at 0.0.0.0:80 > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/tcphack.rb:12:in > `initialize_without_backlog'': Permission denied - bind(2) (Errno::EACCES) > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/tcphack.rb:12:in > `initialize'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel.rb:536:in > `initialize'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/configurator.rb:128:in > `listener'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/bin/mongrel_rails:96:in > `cloaker_'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/configurator.rb:51:in > `initialize'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/bin/mongrel_rails:83:in > `run'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/command.rb:211:in > `run'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14 > /bin/mongrel_rails:235 > from /usr/local/bin/mongrel_rails:18 > > Mongrel runs without sudo on all other ports > 1024 otherwise. Anyone have > the reason that these ports require sudo?This is the way it is on all unixes... ports under 1024 tend to be "well known". 25 for smtp, 80 for http. So the OS won''t let you use that port unless you are root so that joe-random-user can''t start up some subversive web server on that port... -philip
On 11/16/06, Matt Pelletier <eastmedianyc at gmail.com> wrote:> I assume some of you have run into this error before when trying to run > mongrel on port 80 (or another port < 1024) in OSX: > > $ mongrel_rails start -p 80 > ** Starting Mongrel listening at 0.0.0.0:80 > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/tcphack.rb:12:in > `initialize_without_backlog'': Permission denied - bind(2) (Errno::EACCES) > from /usr/local/lib/ruby/gems/1.8/gems/mongrel- > 0.3.14/lib/mongrel/tcphack.rb:12:in `initialize'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel.rb:536:in > `initialize'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/configurator.rb:128:in > `listener'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/bin/mongrel_rails:96:in > `cloaker_'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/configurator.rb:51:in > `initialize'' > from /usr/local/lib/ruby/gems/1.8/gems/mongrel- > 0.3.14/bin/mongrel_rails:83:in `run'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/lib/mongrel/command.rb:211:in > `run'' > from > /usr/local/lib/ruby/gems/1.8/gems/mongrel-0.3.14/bin/mongrel_rails:235 > from /usr/local/bin/mongrel_rails:18 > > Mongrel runs without sudo on all other ports > 1024 otherwise. Anyone have > the reason that these ports require sudo?This is standard unix behaviour - only root can bind ports < 1024 - they are called "privileged". The reason is because these ports are reserved for servers -HTTP, FTP, etc. and therefore it is desirable that only trusted users (=root) can run them.
On 11/16/06, Matt Pelletier <eastmedianyc at gmail.com> wrote:> > Mongrel runs without sudo on all other ports > 1024 otherwise. Anyone have > the reason that these ports require sudo?I suppose you could say that there is a historical reason. Un*x machines used to be multiuser computers with lots of users logged in over terminals or phone lines, and not all users could be perfectly trusted. Some of them would have loved to overload the telnet service (port 23) to make it crash, and then replace it with their own hacked version that would snoop on people''s passwords. By protecting certain ports (< 1024), everyone could safely assume that if they contacted a trusted host (e.g. one operated by their university) on those ports, whatever process answered would be owned by root. This extended trust was used for other services too, like rlogin, which allows a user to login on a remote host without a password if the two hosts trust each other. This security model is generally frowned upon today, but it does ensure that on a UN*X-based web hotell, the web server is run by the management and not by a random user. /David -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/mongrel-users/attachments/20061116/4322bfa5/attachment-0001.html
On 11/16/06, Jarkko Laine <jarkko at jlaine.net> wrote:> > > On 16.11.2006, at 19.37, Matt Pelletier wrote: > > Mongrel runs without sudo on all other ports > 1024 otherwise. > > Anyone have the reason that these ports require sudo? > > I think it is pretty common to require sudo to run on privileged > ports. I guess it might be because otherwise any user could start > acting as the web server in the internet (assuming the port is not > blocked by a firewall).Yeah, one of those ''look before asking'' situations. Thanks. //jarkko> > -- > Jarkko Laine > http://jlaine.net > http://dotherightthing.com > http://www.railsecommerce.com > http://odesign.fi > > > > > _______________________________________________ > Mongrel-users mailing list > Mongrel-users at rubyforge.org > http://rubyforge.org/mailman/listinfo/mongrel-users > > >-- ------------------ Matt Pelletier http://www.eastmedia.com -- EastMedia http://www.informit.com/title/0321483502 -- The Mongrel Book http://identity.eastmedia.com -- OpenID, Identity 2.0 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/mongrel-users/attachments/20061116/5a435b13/attachment.html
Steven Lumos
2006-Nov-17 20:42 UTC
[Mongrel] [OT] Re: OSX requires sudo for using ports < 1024
Ezra Zygmuntowicz <ezmobius at gmail.com> writes:> Matt- > > All unix style operating systems require root access to use any port > less than 1024. Its just a fact of life on any linux, bsd or osx system. > > Cheers- > -EzraIn Solaris you can give a non-root process privilege to bind a reserved port, revoke the privilege after the bind, and even take away it''s privilege to fork and exec while you''re at it. Steve
Apparently Analagous Threads
- Frustrating Error
- [ADV] "Mongrel: Serving, Deploying, and Extending Your Ruby Applications" BOOK
- Problem Starting Mongrel
- changing user/group on port 80
- Mongrel not starting: `initialize_without_backlog'': Cannot assign requested address - bind(2) (Errno::EADDRNOTAVAIL)