Privileged ports

The TCP/IP port numbers below 1024 are special in that normal users are not allowed to run servers on them. This is a security feaure, in that if you connect to a service on one of these ports you can be fairly sure that you have the real thing, and not a fake which some hacker has put up for you.

The normal port number for W3 servers is port 80. This number has been assigned to WWW by the Internet Assigned Numbers Authority, IANA.

When you run a server as a test from a non-privileged account, you will normally test it on other ports, such as 2784, 5000, 8001 or 8080.

Under Unix

The Internet Daemon inetd (running as root) can listen for incomming conections on port 80 and pass them down to a process with a safer uid for the server itself. However, the httpd versions 2.14 and later can be safely run as root since they automatically change their user-id to nobody or some other user-id depending on server setup.

Under VMS

Under UCX, the process running as a server needs BYPASS privilege to listen to ports below 1024. This might mean you have to install the server. With other TCP/IP packages, privilege of some sort is similarly required.

[email protected], July 1995