Dear colleagues:
First of all, many thanks go to:
Mike Fletcher <fletch@ain.bls.com>
Justin Young <justiny@cluster.engr.subr.edu>
DenBesten@cs.bgsu.edu (William C. DenBesten)
iib.admin@mailbox.uq.oz.au (Sean OKelly)
Reto Lichtensteiger <rali@meitca.com>
Ian MacPhedran <Ian_MacPhedran@engr.USask.Ca>
Gregory Bond <gnb@bby.com.au>
stanley@OCE.ORST.EDU (John Stanley)
"Brian T. Wightman" <wightman@sol.acs.uwosh.edu>
Markus Storm <storm@mathematik.uni-paderborn.de>
Anatoly.Lisovsky@kamaz.kazan.su (Anatoly M. Lisovsky)
bern@TI.Uni-Trier.DE (Jochen Bern)
Richard Pieri <ratinox@unilab.dfci.harvard.edu>
vqh@dwrock.dw.att.com (Viet Q. Hoang)
SUMMARY:
>I have been given the task to install a W3 server that shall
>be administered by a user which is not root. The default port
>shall be 80 since other port numbers have to be added to the
>URL.
I forgot to mention: Administration does also include restarting
the http-daemon after editing the config-file. The motivation to
admit a non-root user to start the daemon is that the server is
dedicated to a research group which is rapidly growing. Thus, we
expect a frequent change of the config-files due to several groups
with different access permissions. The sysadmin (which is me)
shall not be bothered with this task.
>OS: Solaris 2.3; W3-Daemon: CERN_3.0
>My questions are:
>1. If using a port !=80, e.g. 8080: Is there any possibility
> to eliminate the port number from the URL (for example, by
> aliasing) ?
Three solutions:
1) Write setuid program that restarts httpd. However, this
cannot be recommended because it represents a security hole.
2) Run a proxy server on port 80 that redirects everything to 8080.
3) Cron job (e.g. daily) that restarts httpd).
I decided for solution 2).
>2. Is it possible to admit the use of port 80 to a "normal"
> user ? If yes, what is the procedure ?
No, impossible, because the OS limits the use of ports < 1024.
>3. I have tried to install httpd under inetd:
> step 1: # chmod 755 /etc/httpd/bin/httpd
> step 2: entry in /etc/services:
> "http 80/tcp"
> step 3: entry in /etc/inetd.conf:
> "http stream tcp nowait root /etc/httpd/bin/httpd
> httpd -r /etc/.../httpd.conf"
> step 4: restart of inetd-daemon
> It failed with the error message:
> HTTPD ERROR: Bad setup: Can't bind and listen on port.
> Explanation: Possibly server already running, or if running
> from inetd make sure you're not using -p flag or Port directive
> However, on that host there is no further W3 daemon and no process
> using port 80.
> a) Any solution for this problem ?
Several suggestions (incorrect flag setup for httpd, "ServerType standalone"
not set, "ServerType inetd" not set, p-flag set/not set), but all failed.
Who knows ...
> b) Can a non-root user administer the httpd-daemon when running under
> inetd ?
See above.
Thanks again.
I wish all of you a Merry Christmas and a Happy New Year !!
Matthias
_________________________________________________________________________
matthias@tet.uni-hannover.de Dipl.-Ing. Matthias Heinitz
Inst. f. Theoretische Elektrotechnik
Universitaet Hannover
Tel: +49 511 762 3250 Appelstr. 9A _/_/_/_/_/_/_/_/_/_/
Fax: +49 511 762 3204 30167 Hannover _/ _/_/ _/
URL: http://www.tet.uni-hannover.de/ Germany _/ _/_/_/ _/
_________________________________________________________________________
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:35 CDT