Re: [naviserver-devel] Permission Denied for Ns_SockBind

Fri, 29 Jul 2016 07:01:27 -0700 

Dear David,
when running nsd on a privileged port, you have to use the "-b" option to prebind to this port, like e.g. 


     nsd -u openacs -g nsadmin -i -t ...../config-ns.tcl -b 
[137.208.116.31]:80,[2001:628:404:74::31]:80



as documented in [1]. this example is more complex than you need, since 
it binds to an IPv4 and an IPv6 address. You get probably the same 
message with NaviServer 4.99.11. The main difference in this respect 
between NaviServer 4.99.11 and earlier is that previous version did not 
report many error conditions, newer versions are more chatty .... which 
is important for debugging and for people starting to use IPv6.


all the best
-g

[1] http://naviserver.sourceforge.net/n/manual/files/admin-maintenance.html

Am 29.07.16 um 14:13 schrieb David Osborne:

Hi,


I'm having a few problems with a new build of Naviserver on Debian 
(wheezy & Jessie).



Using Tip, when I try to start naviserver listening on a privileged 
port, with a non-root (but system) user, I'm getting a permission 
denied error from within Ns_SockBind:


eg.

[29/Jul/2016:10:05:07][10999.7f2010c16700][-driver:nssock-] Notice: 
bind operation on sock 17 lead to error: Permission denied
[29/Jul/2016:10:05:07][10999.7f2010c16700][-driver:nssock-] Warning: 
bind on: SockAddr family AF_INET, ip 0.0.0.0, port 80
[29/Jul/2016:10:05:07][10999.7f2010c16700][-driver:nssock-] Error: 
Ns_SockBinderListen: sendmsg() failed: sent 56 bytes, 'Permission denied'
[29/Jul/2016:10:05:07][10999.7f2010c16700][-driver:nssock-] Error: 
nssock: failed to listen on [0.0.0.0]:80: Permission denied


To reproduce I do the following:

hg clone https://bitbucket.org/naviserver/naviserver
cd naviserver

./autogen.sh --disable-ipv6 --with-tcl=/usr/lib/tcl8.5 --enable-rpath 
--enable-threads

make
make install
chown -R nsd /usr/local/ns
Edit: /usr/local/ns/conf/nsd-config.tcl
   -> change port from 8080->80
/usr/local/ns/bin/nsd -c -u nsd -t /usr/local/ns/conf/nsd-config.tcl


Things which work fine:-

- Running as root:
/usr/local/ns/bin/nsd -c -u root -t /usr/local/ns/conf/nsd-config.tcl
- Using a non-privileged port eg. 8080

- Naviserver version 4.99.8 seems to work fine when doing the above 
reproduction steps.



Can someone point me in the right direction here as to what I'm doing 
wrong...?


Thanks in advance
--
David



------------------------------------------------------------------------------

_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel






















					Reply via email to