From: Gareth de Vaux
To: Dino Vliet
Cc: "ports@FreeBSD.org", "freebsd-questions@freebsd.org"
Date: Wed, 4 Jan 2012 12:52:44 +0200
Subject: Re: best way to bind webserver to port 80 without running as root

On Wed 2012-01-04 (02:10), Dino Vliet wrote:
> suddenly I'm facing this quest on freebsd 8. I need to bind my little webserver running aolserver to port 80. In the past I was always using port 8080 and had my router configured to forward requests on port 80 to the server on port 8080.
>
> However, I am planning to host my little site on a virtual server with a hosting company and figured I can't use the workaround I always used. So my question is, how to bind aolserver to port 80 without running as root as I understood ports below 1024 can only be used by root.
>
> I found a sysctl net.inet.ip.portrange.reservedhigh which enables me to set it to 0. However, I don't know what the security ramifications are of using that. Are there any other options I could consider?

Hi, if your server isn't able to bind as root and then drop its ownership then you can just run the process on a higher port number and use something like pf or portfwd to forward requests to port 80 to that higher port.
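A pf.conf fragment for the forwarding approach suggested in the reply, added here as an example and not part of the original message. The interface name `em0` and the loopback listen address are assumptions; 8080 is the unprivileged port mentioned in the question.

```conf
# /etc/pf.conf (added example; em0 and 127.0.0.1 are assumptions)

ext_if   = "em0"     # assumed name of the external interface
web_port = "8080"    # unprivileged port the web server process listens on

# The web server runs as an ordinary user and listens on 127.0.0.1:8080,
# so the unprivileged port is not reachable from outside except through
# the redirect below.
#
# net.inet.ip.portrange.reservedhigh stays at its default (1023), so
# binding ports below 1024 remains restricted to root for every other
# process on the host.

# Translation rule: TCP connections arriving on the external address at
# port 80 are rewritten to the unprivileged port. "pass" admits the
# redirected connections without a separate filter rule.
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 80 \
    -> 127.0.0.1 port $web_port

# To use:
#   add pf_enable="YES" to /etc/rc.conf     (load pf at boot)
#   pfctl -nf /etc/pf.conf                  (syntax check only)
#   pfctl -f /etc/pf.conf                   (load the ruleset)
#   pfctl -s nat                            (show active rdr rules)
```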