When I try to bind port 80 to a socket in c, i always get the error, that I don't have permission to use this port. is there an easy way to get this permission?
+12
A:
Usually only the superuser (root) can bind to 'privileged' ports (i.e. those port numbers below 1024).
This means that you either have to run your program as root or make your executable 'suid root'.
Both of these have security consequences so you may want to consider using the suid approach and relinquishing superuser privileges once the bind call has been made.
Charles Bailey
2008-10-03 22:25:43
Ports 1024 and below are actually called "privileged ports" not "secure ports", everything above 1024 are "ephemeral ports". Cheers.
ceretullis
2008-10-03 22:29:52
A:
If you are on a shared system (like a university computer) and not root then there is no 'easy' way to get that permission, by design.
Jeff
2008-10-03 22:27:21
+4
A:
You will find this tutorial very helpful on network programming with C/C++.
And, by the way, ANSI C has no way to access the network. It is the OS supplied libraries (the BSD socket API, also ported to Windows as winsock) that provide this capability.
Eli Bendersky
2008-10-03 22:28:36
Beej's guide to sockets is what I learned socket programming off at university, along with generations of other Computer Science Students. It's really good. Also, the works of W. Richard Stevens are a good tutorial in this space.
ConcernedOfTunbridgeWells
2008-10-03 22:35:56
Yes, though it takes considerably less time to read Beej's tutorials than Stevens' bibles :-)
Eli Bendersky
2008-10-03 22:42:10
A:
It's just as @Charles Bailey puts it...and I would like to add that this is why one used to see http server addresses on 8080 by port specification in the URL as http://some.url:8080/
epatel
2008-10-03 22:30:03
A:
Traditionally only root can bind sockets to ports under 1024.
ConcernedOfTunbridgeWells
2008-10-03 22:34:38
+1
A:
Ports 1024 and below are called Privileged Ports, binding to these ports requires elevated permission.
Ports above 1024 are called Emphemeral Ports. Binding to these requires no special permissions.
The easiest way to gain access to privilged ports is to be the root user.
ceretullis
2008-10-03 22:38:01
A:
Yes, you can easily bind to port 80. Use Apache. Write a web application. Apache binds to port 80 and runs your web application.
Are you trying to write the next Apache? If so, you'll need to learn about the setuid API call in your operating system.
If you're not writing a new version of Apache, most people use a non-privileged port. 8000 is popular, so is 8080.
S.Lott
2008-10-03 23:22:28
A:
S.Lott's reply may have triggered very negative reactions but his idea is far from stupid: if the original question is for a real program (not a school assignment), developing it as an application behind an HTTP server is often a reasonable choice. That way, you can leave a lot of low-level details to a good and well debugged program, Apache.
The application does not have to be a CGI, it can be an Apache module. Apache, from version 2, is no longer just a HTTP server. It is now a platform to develop network programs. Writing an Apache module may be the correct answer to the original question (see Apache documentation)
bortzmeyer
2008-10-04 20:38:45
Thank you. It took me a while to learn *why* there are privileged ports. It has to do with expectations -- you expect the http protocol at port 80, and there's already a nice piece of software to handle that protocol for you.
S.Lott
2008-10-04 23:09:18
A:
Normal programs can't bind "privileged" ports - those below 1024. This is a mostly obsolete security feature of UNIX-like operating systems.
Running as a superuser, although suggested by many others here, is a bad solution to this problem. If you are running on a Debian or Ubuntu system, I suggest installing the authbind package, which will allow you to grant your program permission to open privileged ports without actually having to give your program any other special permissions.
If you're running on any other system, I suggest installing debian or ubuntu ;-).
Glyph
2008-10-16 12:11:03