How to turn on port 443 in Redhat Linux?

Hi

I am using Redhat Linux for my application server. I don't want to use "root" to start up my application, so I created a user "user" that can only access this application. But somehow I get an error message "Permission denied:443". After that I found out that if I use "root" to start my application, I do not have any problem. I believe "user" doesn't have the right to open the port or do port forwarding. Do you have any suggestions for me to use "user" to start my application without problems? And how can I turn on port 433 by default?

Thanks
Simon
gogodnaAsked:

sundeepgopalCommented:
hey,
I don't think it could be a problem with port
try as root:
chmod 754 {application name}

0
windmoonlandCommented:
Port 433 is turned on by default. But on any Linux/Unix, ports under 1024 are only accessible to user root. So you have two options:

1. Change the listening port number of your "application server" to any port number larger than 1024. Use netstat to determine which ports are taken so far.
2. Use sudo to shortcut the user "user". This way, the "user" will be root when starting your "application server". But this is NOT the recommended way, since it could be a serious security hole.
0
gogodnaAuthor Commented:
how can I give the right only for "user" to access port 443?

0

NopiusCommented:
What kind of application does the user start? Server or client?
windmoonland is right: if it is a server, there is no means for the user to start an application listening on port 433. If it is a client, there should not be such a problem.
If server:
Your application should ALWAYS be started with root privileges.
You may do:
1) sudo (man sudo) from user to run this application from the root account
2) make your application suid root (chmod +s progname, chown root progname), so any user may run this application with root privileges


If this application is written by you, I recommend you drop root privileges (setuid(real uid)) right after binding to port 433.
0
gogodnaAuthor Commented:
If I don't want to use root to start my server, how about I use port forwarding function?
If I use port forwarding, only root has the right to do it.
If I use port 8443 for my application, I will use port forwarding from 8443 to 443. How can I write a script for restarting my server and run the script by itself? It is because I want to prevent when I restart my server, I forget to do a port forwarding.
0
NopiusCommented:
Port forwarding from 8443 to 443 will not work in your case, because forwarding works for incoming connections.
If you forward from 443 to 8443 and the server listens on 8443, it will work fine.

"How can I write a script for restarting my server and run the script by itself? It is because I want to prevent when I restart my server, I forget to do a port forwarding."
It is not clear to me what you want.

Port forwarding must be run only once and by root (it doesn't matter how many times you restart the server).
There are kernel-level and application-level forwarding. I prefer forwarding applications (because they are portable).
A very simple and working example you may get from here: http://o0o.nu/sec/tools/bounce-0.0.1.tar.gz
Just compile and run it as root with appropriate parameters.
Then it doesn't matter how many times you restart your server, forwarding will work.
0
dcsbeemerCommented:
Hi Gogodna


I don't know if this will be any use to you, but check it out anyway:

http://kbase.redhat.com/faq/FAQ_71_5708.shtm


Check this too while you're at it:

http://kbase.redhat.com/faq/FAQ_45_3957.shtm


I imagine you can add port 443:[Application name] as user root, which should make that specific port open at all times.

Port 443 isn't perhaps already used by something else on your machine?

To check if it is, do this:

sudo netstat -alp | grep :443
0
dcsbeemerCommented:
Gogodna, hold on, I think this is more relevant to your situation.


Issue:
How can I run Certificate System as a non-root user but still use privileged ports like 443 and 80?
Resolution:

   1. Login as root to the machine where Red Hat Certificate System is to be installed and execute the following:

      # rpm -ivh rhcs*.rpm

   2. Run the setup. Root privileges or being the root user and root group may be needed on some stages to configure Certificate Authority (CA). For example, cert-ca.

      # /opt/redhat-cs/setup/setup

   3. Choose privileged ports like 443, 80 etc.
   4. Restart CA:

      # /opt/redhat-cs/cert-ca/restart-cert

   5. Make sure CA can run on the above mentioned ports. To test it, use a browser and go to https://host:443/
   6. Create a local user and add it to its assigned group.
   7. Go to the cert system instance /opt/redhat-cs/cert-ca/config/ and edit the magnus.conf file. Add the following lines:

      chown -R "specific_username:specific_group" /opt/redhat-cs/cert-ca/
      chown "specific_username:specific_group" /opt/redhat-cs/alias/cert-ca*
      chmod 664 /opt/redhat-cs/alias/secmod.db
      export LD_ASSUME_KERNEL=2.4.1

      For example, to allow the user redhat from group redhat to run Certificate System, we change the lines to:

      chown -R "redhat:redhat" /opt/redhat-cs/cert-ca/
      chown "redhat:redhat" /opt/redhat-cs/alias/cert-ca*
      chmod 664 /opt/redhat-cs/alias/secmod.db
      export LD_ASSUME_KERNEL=2.4.1

   8. Restart the Certificate system:

      # /opt/redhat-cs/cert-ca/restart-cert

Note: If the parameter LD_ASSUME_KERNEL=2.4.1 is not set, then IBM JRE would crash trying to read /proc/self/maps. This would be a known issue documented in this bugzilla report: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165351 



***  Taken from Redhat Knowledgebase ***




Change it according to your needs and see if it's any help.
0

dcsbeemerCommented:
Feedback would be nice...
0
dcsbeemerCommented:
Excellent, thanks Simon! :)
0