{Fraud?} Xitami port access problem

Kelvin Woods kelvin at zednought.net
Mon Jan 28 17:03:29 GMT 2008


On Mon, January 28, 2008 15:44, Jamie White wrote:
> Ok, I changed the port base to 1004, shifting the http service to port
> 1084, and ftp service which xitami also provides to port 1025
>
> It worked fine on these two ports.
>
> Jamie
>
> On Jan 28, 2008 3:19 PM, Kelvin Woods <kelvin at zednought.net> wrote:
>
>> On Mon, January 28, 2008 15:03, Jamie White wrote:
>> > Hi
>> >
>> > After a bit of fiddling I managed to get the xitami webserver working
>> > on my computer under root. However for fairly obvious reasons I'd
>> > rather not run the server as root.
>> >
>> > So what I did is create  two new users:
>> >
>> > xitami
>> > xitami-www
>> >
>> > They both share the home directory /home/xitami, difference is, is a
>> > setup that only allows xitami-www read only access to the home folder,
>> > xitami has read write access. Thought it would make for quite good
>> > security.
>> >
>> > Now when I try to start xitami under the user xitami-www I get the
>> > following set of errors:
>> >
>> > Xitami/2.5c2
>> > Copyright (c) 1991-2003 iMatrix Corporation
>> > 2001/01/28 16:02:22: xilrwp: Could not open LRWP port 81
>> > 2001/01/28 16:02:22: Port is already used by another server
>> > 2001/01/28 16:02:22: smthttp: web server binding to address 127.0.0.1
>> > 2001/01/28 16:02:22: smthttp: opening HTTP service on  port 80...
>> > 2001/01/28 16:02:22: could not open port 80
>> > 2001/01/28 16:02:22: Port is already used by another server
>> > 2001/01/28 16:02:22: Permission denied
>> >
>> > Now no services are on port 80 or for that matter 81. I am fairly
>> > certain something's blocking xitami-www from listening on this port,
>> > I'm wondering what is likely to be blocking it, and how do I unblock it?
>> >
>> > Jamie
>> >
>>
>> If I understand what you're attempting to do correctly you're trying
>> to launch a service from a "normal" user account that wishes to use a
>> privileged port. This wouldn't be possible under standard security
>> constraints. I would guess that the error message about the port
>> already being in use is a bit of a red herring.
>>
>> To confirm this can you run the service on a higher port number i.e.
>> greater than 1024?
>>
>> --
>> Kelvin
>>
>>
>>
>
>
> --
> Jamie
>

Now we've confirmed a permissions problem, if you follow Edmund
Craske's reply to the list you should be able to get a more suitable
resolution -- always assume you cannot or do not wish to run the
service on an unprivileged port.

-- 
Kelvin
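
An added example, not part of the original thread and not Xitami code: a small probe that attempts the same bind and reports the errno the kernel actually returns, which separates a genuine "port in use" condition from the permission failure diagnosed above. The helper names `classify` and `probe_bind` are hypothetical; the ports are the ones mentioned in the thread.

```python
import errno
import os
import socket

# Hypothetical helper names for this added example; not part of Xitami.


def classify(err):
    """Map the errno from a bind() attempt to its cause."""
    if err == 0:
        return "ok"
    if err == errno.EACCES:
        # Unprivileged process asked for a reserved port (below 1024).
        return "permission"
    if err == errno.EADDRINUSE:
        # Another socket really does hold this address and port.
        return "in-use"
    if err == errno.EADDRNOTAVAIL:
        # The address is not configured on this host.
        return "address-not-local"
    return "other: " + os.strerror(err)


def probe_bind(host, port):
    """Try to bind a TCP socket to host:port; return 0 or the errno."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        return 0
    except OSError as e:
        return e.errno if e.errno is not None else errno.EINVAL
    finally:
        s.close()


if __name__ == "__main__":
    # Ports from the thread: 80 (HTTP), 81 (LRWP), 1084 (HTTP after the
    # port base change).
    for port in (80, 81, 1084):
        print(port, classify(probe_bind("127.0.0.1", port)))
```

Run it as the account the server will use; "permission" on ports 80 and 81 together with "ok" on 1084 matches the behaviour reported in the thread.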





More information about the Ukfreebsd mailing list