Linux – Why is sudo required to start up a webserver on a given ip:port

linuxnetworkingsudo

I'm setting up a Python-based webserver on my Debian box.

Setup:

The Debian OS is VM based, but I've switched the VirtualBox from NAT to Bridged.
IP of the VM setup = 192.168.1.7 (per my router's admin screen or ifconfig).
I've succesfully set up my router's port forwarding for both ssh and HTTP.
I've successfully set up my router's dynamic dns using dyndns.com.

Regardless of the specific Python webserver I'm using (Django, CherryPy, standard library), I have to start the webserver @ 192.168.1.7:80 using sudo. Otherwise I get an error about not having permission to access the port. None of the webserver tutorials mention needing to use sudo when specifying an ip:port.

Question: why do I need to use sudo to start these webservers? Is it an indication that I shouldn't be using 192.168.1.7? Or that I'm not setting a config file properly somewhere?

Best Answer

Only processes with root permissions can listen on privileged ports. This is a standard Unix security convention.

Related Solutions

Linux – SSH tunnel connection refused

The connection from your server to XX.XX.XX.XX:8021 is refused.

If a program is configured to listen on the loopback interface, it will only answer to connections on the loopback interface's addresses (127.0.0.1 and ::1), not on any other addresses the same computer has.

You need to use:

ssh -L 6868:127.0.0.1:8021 -fN XX.XX.XX.XX

Note that the tunnel target is from the SSH server's perspective.

Linux – Sending Packets to tap0 interface

The tap is meant for bridged tunneling under OpenVPN - you're supposed to junction it into a bridge such as br0 using brctl.

The idea is you can put tap0 and eth0, for example, into a bridge br0 - then broadcast traffic traverses across this bridge. (Broadcast traffic coming in from tap0 will be forwarded to eth0 and vice versa whereas in a routed, standard situation it would not.) Your OpenVPN tunnel via tap0 is then "switched" into eth0 instead of "routed" into it. The entire br0 gets an IP and you deal with br0 instead of eth0 or tap0.

Completely possible to have a bridge with only one interface and add/remove additional interfaces with brctl as needed.

So either put tap0 into a bridge and deal with the bridge interface instead, or use tun interfaces.

It's also possible iptables rules are interfering.

Update - look here: http://backreference.org/2010/03/26/tuntap-interface-tutorial/ - particularly this excerpt:

The difference between a tap interface and a tun interface is that a tap interface outputs (and must be given) full ethernet frames, while a tun interface outputs (and must be given) raw IP packets (and no ethernet headers are added by the kernel). Whether an interface functions like a tun interface or like a tap interface is specified with a flag when the interface is created.

So looks like if you don't send full ethernet frames to tap0 it won't work as your expect because of this above.

Best Answer

Related Solutions

Linux – SSH tunnel connection refused

Linux – Sending Packets to tap0 interface

Related Question