AIX

  • 1.  [Help] Give privilege to an ordinary user

    Posted Tue April 08, 2008 03:40 AM

    Originally posted by: SystemAdmin


    I'm trying to give a non-root user the right to start IBM HTTP Server (IHS). The web server is listening on port 80, but for AIX, ports under 1024 are privileged ports which can be used only by root, so the non-root user cannot start IHS.

    /usr/IBMIHS/bin# ./apachectl start
    (13)Permission denied: make_sock: could not bind to address :::80
    no listening sockets available, shutting down

    So I'm thinking of giving some privilege to this user so he can use port 80...

    Does anyone here know how to do this on AIX V5?

    Thanks

    Message was edited by: R36


  • 2.  Re: [Help] Give privilege to an ordinary user

    Posted Tue April 08, 2008 10:04 AM

    Originally posted by: tony.evans


    You can't directly, AFAIK.

    Ports under 1024 are useable by root processes only.

    You could install sudo, and configure it to allow this one user to start that daemon as root (this is what sudo is designed to do; you can restrict the commands available to only a specific one, to start the daemon for example).

    You can no longer set the SUID on scripts on AIX, so you can't provide a script to do it. If the user knows the root password, they could always just su - root -c "/usr/IBMIHS/bin/apachectl start" but that probably defeats the purpose.
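
The sudo restriction described in the reply above, as an added sudoers fragment that is not part of the original thread. The account name `ihsadmin` is hypothetical, and allowing stop and restart alongside start is an assumption.

```sudoers
# Constructed example; "ihsadmin" is a hypothetical account name.
# Edit with visudo so syntax errors are caught before the file is saved.

# Too broad: with no argument list, sudo accepts any arguments to apachectl.
# ihsadmin ALL = (root) /usr/IBMIHS/bin/apachectl

# Restricted: only these exact command lines are allowed, and only as root.
Cmnd_Alias IHS_CTL = /usr/IBMIHS/bin/apachectl start, \
                     /usr/IBMIHS/bin/apachectl stop, \
                     /usr/IBMIHS/bin/apachectl restart
ihsadmin ALL = (root) IHS_CTL

# The user then runs:  sudo /usr/IBMIHS/bin/apachectl start
# apachectl, the httpd binary and the configuration it loads must be writable
# only by root; otherwise the rule hands out more than the three commands.
```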


  • 3.  Re: [Help] Give privilege to an ordinary user

    Posted Tue April 08, 2008 11:50 AM

    Originally posted by: KarlM


    I seem to recall that httpd used to be SUID root for just such reasons, but I haven't had much dealing with IHS recently. When did it stop having SUID, and could it be used as a fix here?


  • 4.  Re: [Help] Give privilege to an ordinary user

    Posted Tue September 23, 2014 11:45 AM

    Originally posted by: X56C_Pablo_Diaz-Cordoves


    In AIX 6, give the privilege to all ordinary users with this command:

    setsecattr -c innateprivs=PV_NET_ inheritprivs=PV_NET_ accessauths=ALLOW_OWNER secflags=FSF_EPS /usr/IBMIHS/bin/apachectl