• Status: Solved

How to turn on port 443 in Redhat Linux?

Hi

I am using Redhat Linux for my application server. I don't want to use "root" to start up my application, so I created a user "user" that can only access this application. But somehow I get an error message "Permission denied:443". After that I found out that if I use "root" to start my application, I do not have any problem. I believe "user" didn't have the right to open the port or do port forwarding. Do you have any suggestions for me to use "user" to start my application without problems? And how can I turn on port 433 by default?

Thanks
Simon
Asked by: gogodna

sundeepgopal Commented:
Hey,
I don't think it could be a problem with the port.
Try as root:
chmod 754 {application name}

 
windmoonland Commented:
Port 433 is turned on by default. But on any Linux/Unix, ports under 1024 are only accessible to user root. So you have two options:

1. Change the listening port number of your "application server" to any port number larger than 1024. Use netstat to determine which ports are taken so far.
2. Use sudo to shortcut the user "user". This way, the "user" will be root when starting your "application server". But this is NOT the recommended way, since it could be a serious security hole.
 
gogodna (Author) Commented:
How can I give the right only for "user" to access port 443?

 
Nopius Commented:
What kind of application does the user start? Server or client?
windmoonland is right: if it is a server, there is no means for the user to start an application listening on port 433. If it is a client, there should not be such a problem.
If server:
Your application should ALWAYS be started with root privileges.
You may do:
1) sudo (man sudo) from user to run this application from the root account
2) make your application suid root (chmod +s progname, chown root progname), so any user may run this application with root privileges


If this application is written by you, I recommend you drop root privileges (setuid(real uid)) right after binding to port 433.
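
The bind-then-drop pattern recommended in the comment above, as an added example (not code from the thread or from any poster): the process binds port 443 while it is still root, then switches permanently to an unprivileged account before serving. TARGET_UID and TARGET_GID are assumed values for the account "user"; listen_on and drop_privileges are names chosen for this sketch.

```c
#define _DEFAULT_SOURCE 1 /* exposes setgroups() under strict -std modes */
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#define TARGET_UID 1001 /* assumed uid of the unprivileged account "user" */
#define TARGET_GID 1001 /* assumed gid of the unprivileged account "user" */

/* Create a TCP listener on `port`; returns the socket fd, or -1 on error. */
int listen_on(unsigned short port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0), on = 1;
    struct sockaddr_in addr = {0};
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) != 0 ||
        listen(fd, 16) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently switch to uid/gid. Supplementary groups and the gid must be
 * changed while still root, the uid last. Returns 0 on success, -1 on error. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1; /* root must be unrecoverable */
    return 0;
}

int main(void) {
    int fd = listen_on(443); /* needs root: 443 is below 1024 */
    if (fd < 0) { perror("listen_on(443)"); return 1; }
    if (drop_privileges(TARGET_UID, TARGET_GID) != 0) {
        fprintf(stderr, "cannot drop privileges, refusing to serve\n");
        return 1;
    }
    printf("listening on 443 as uid %d\n", (int)getuid());
    /* accept() loop goes here; the process no longer has root privileges */
    close(fd);
    return 0;
}
```

The listening socket stays usable after the switch because the privilege check happens at bind() time, not on later accept() calls.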
 
gogodna (Author) Commented:
If I don't want to use root to start my server, how about I use port forwarding function?
If I use port forwarding, only root has the right to do it.
If I use port 8443 for my application, I will use port forwarding from 8443 to 443. How can I write a script for restarting my server and run the script by itself? It is because I want to prevent when I restart my server, I forget to do a port forwarding.
 
Nopius Commented:
Port forwarding from 8443 to 443 will not work in your case, because forwarding works for incoming connections.
If you forward from 443 to 8443 and the server listens on 8443, it will work fine.

"How can I write a script for restarting my server and run the script by itself? It is because I want to prevent when I restart my server, I forget to do a port forwarding."
It is not clear to me what you want.

Port forwarding must be run only once and by root (it doesn't matter how many times you restart the server).
There are kernel-level and application-level forwarding. I prefer forwarding applications (because they are portable).
A very simple and working example you may get from here: http://o0o.nu/sec/tools/bounce-0.0.1.tar.gz
Just compile and run it as root with appropriate parameters.
Then it doesn't matter how many times you restart your server, forwarding will work.
 
dcsbeemer Commented:
Hi Gogodna


I don't know if this will be any use to you, but check it out anyway:

http://kbase.redhat.com/faq/FAQ_71_5708.shtm


Check this too while you're at it:

http://kbase.redhat.com/faq/FAQ_45_3957.shtm


I imagine you can add port 443:[Application name] as user root, which should make that specific port open at all times.

Port 443 isn't perhaps already used by something else on your machine?

To check if it is, do this:

sudo netstat -alp | grep :443
 
dcsbeemer Commented:
Gogodna, hold on, I think this is more relevant to your situation.


Issue:
How can I run Certificate System as a non-root user but still use privileged ports like 443 and 80?
Resolution:

   1. Login as root to the machine where Red Hat Certificate System is to be installed and execute the following:

      # rpm -ivh rhcs*.rpm

   2. Run the setup. Root privileges or being the root user and root group may be needed on some stages to configure Certificate Authority (CA). For example, cert-ca.

      # /opt/redhat-cs/setup/setup

   3. Choose privileged ports like 443, 80 etc.
   4. Restart CA:

      # /opt/redhat-cs/cert-ca/restart-cert

   5. Make sure CA can run on the above mentioned ports. To test it, use a browser and go to https://host:443/
   6. Create a local user and add it to its assigned group.
   7. Go to the cert system instance /opt/redhat-cs/cert-ca/config/ and edit the magnus.conf file. Add the following lines:

      chown -R "specific_username:specific_group" /opt/redhat-cs/cert-ca/
      chown "specific_username:specific_group" /opt/redhat-cs/alias/cert-ca*
      chmod 664 /opt/redhat-cs/alias/secmod.db
      export LD_ASSUME_KERNEL=2.4.1

      For example, to allow the user redhat from group redhat to run Certificate System, we change the lines to:

      chown -R "redhat:redhat" /opt/redhat-cs/cert-ca/
      chown "redhat:redhat" /opt/redhat-cs/alias/cert-ca*
      chmod 664 /opt/redhat-cs/alias/secmod.db
      export LD_ASSUME_KERNEL=2.4.1

   8. Restart the Certificate system:

      # /opt/redhat-cs/cert-ca/restart-cert

Note: If the parameter LD_ASSUME_KERNEL=2.4.1 is not set, then IBM JRE would crash trying to read /proc/self/maps. This would be a known issue documented in this bugzilla report: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165351 



***  Taken from Redhat Knowledgebase ***




Change it according to your needs and see if it's any help.
 
dcsbeemer Commented:
Feedback would be nice...
 
dcsbeemer Commented:
Excellent, thanks Simon! :)