Permissions problem with ssl socket binding

These are old archives. They are kept for historic purposes only.
Matridom
Posts: 296
Joined: Fri Jan 07, 2005 3:28 am

Post by Matridom »

I'm in the process of moving Unreal to a new system with a new install of Debian Testing (etch). When I run the IRCD it loads up, but SSL ports do not work. I know the compile went through with SSL support properly.

Now, when I rehashed the server, I get the following error.

[10:31am] -xxxxx- Error binding stream socket to IP 192.168.0.20 port 994 - xxxxx[192.168.0.20.994]:Permission denied

I can bypass this problem by running as root, but that's not what I want to do.

Now, I know my problem is OS oriented, but I can't seem to find any leads as to where my permissions problem lies.
Never argue with an idiot. They will bring you down to their level, then beat you with experience.
Jason
Posts: 570
Joined: Mon Jun 14, 2004 5:09 pm

Post by Jason »

Although 994 is the official standard, 6697 is much more common. Even 6667 is unofficial.

Your best unreal-oriented solution is to run as root, but using unreal's SETUID features to drop privileges (I think it's after binding). See include/config.h

irc 194/tcp #Internet Relay Chat Protocol
irc 194/udp #Internet Relay Chat Protocol
irc-serv 529/tcp
irc-serv 529/udp
ircs 994/tcp # irc protocol over TLS/SSL
ircs 994/udp
ircd 6667/tcp #Internet Relay Chat (unoffical)
Why the hell can't my signature be empty?
"Your message contains too few characters."
aquanight
Official supporter
Posts: 862
Joined: Tue Mar 09, 2004 10:47 pm
Location: Boise, ID

Post by aquanight »

Yeah, 6667 and 6697 appear to be pretty standard ports now since it's pretty much a bad idea (plus not always possible) to run an ircd as root.

On that note, @linux you could theoretically grant a user/process the CAP_NET_BIND_SERVICE capability (see man 7 capabilities) and allow it to bind to <1024 without being root, but I don't know if the fsutils/pam really provide for all that yet afaik...
Syzop
UnrealIRCd head coder
Posts: 2179
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Post by Syzop »

I would suggest just to use the 6697 (non-official) ssl port, so as a regular user.

I'm not aware of anyone using the official normal (non-ssl) port either (port 194), so I don't know why people tend to think they need to use 994 ;).
Stealth
Head of Support
Posts: 2085
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Post by Stealth »

If you have root access, you can also IPTABLES 994 to 6697 if you want users to be able to connect with 994. If you run it from home, some routers have the function to accept connections on one port and forward them to another (such as accepting on 994, and forwarding to 6697)
Matridom
Posts: 296
Joined: Fri Jan 07, 2005 3:28 am

Post by Matridom »

Router does not allow me to remap.

I figure it would be easiest and most practical to just move the port.


Thanx for the advice.