Bind unprivileged application to privileged port on Mac OS X

osxtcp

I'd like to create launchd.plist file for an httpd server. Problem is – when the httpd is run as privileged user it daemonizes, which is not allowed by launchd.plist manual page. If I don't run it as superuser – it cannot bind to privileged port (which is not necessary, but nice to have).

Question – what are my options for binding unprivileged daemon to a privileged port? I do know that Linux has privbind project. Is there a solution that can be used together with Mac OS X's launchd? Can/Should I use privbind and hack it together with launchd.plist format?

Best Answer

Apache supports several special debugging defines, to be used with -D:

  • NO_DETACH: Don’t detach from the controlling terminal.
  • FOREGROUND: (implies NO_DETACH): Don’t daemonize or detach from the controlling terminal
  • ONE_PROCESS (implies NO_DETACH and FOREGROUND): Don’t allow a child process to handle client requests; use the initial process instead.
  • DEBUG (implies all of the previous): Places the MPM into a special debug mode with additional logging.

Thus, running "httpd -D FOREGROUND" will keep it from daemonizing.

I also ran into a forum thread with a launchd plist for Apache2 that you might be able to adapt.

(Note: I know neither of these answer the actual question, but hopefully they're useful for the problem initially described.)

Related Question