Find the answer to your Linux question:
Results 1 to 4 of 4
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    Java program unable to bind ports


    I'm running Fedora and have a Java program that attempts to bind ports 162 and 165 (SNMP). It is unable to bind these ports and gets an exception which says that "permission denied".

    I have the software firewall turned off and am not running the snmptrapd service. The snmpd service is running, which binds to the agent port 161 - so no conflicts there. I see nothing already bound to ports 162 and 165 when I run netstat.

    I found the hosts.allow file in the /etc directory, and tried putting this line into it: "ALL:ALL:ALLOW" from one of the help file examples - no effect on the errors.

    Can anyone tell me what if any security mechanisms may be stopping my program from accessing these ports, and how I can configure things to let it run correctly?

    Thanks - Dave

  2. #2
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284

    Re: Java program unable to bind ports

    Quote Originally Posted by davebp
    I'm running Fedora and have a Java program that attempts to bind ports 162 and 165 (SNMP). It is unable to bind these ports and gets an exception which says that "permission denied".

    I have the software firewall turned off and am not running the snmptrapd service. The snmpd service is running, which binds to the agent port 161 - so no conflicts there. I see nothing already bound to ports 162 and 165 when I run netstat.

    I found the hosts.allow file in the /etc directory, and tried putting this line into it: "ALL:ALL:ALLOW" from one of the help file examples - no effect on the errors.

    Can anyone tell me what if any security mechanisms may be stopping my program from accessing these ports, and how I can configure things to let it run correctly?

    Thanks - Dave
    Any program attempting to bind to a port below 1024 must be started as root for security. The idea was that a user on the box could not "killall sendmail" and then start their own version with "extra functionality" without having admin privs on the machine.

    Jason

    Jason

  3. #3
    Jason - Thanks! That makes sense.

    I can in fact get my program to work if I log on as root. Is there some clever way to accomplish the same thing from inside my run.sh shell script - without having to log on as root?

    Dave

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284
    Really all you can do is change the port the application listens on (so its > 1024).

    Alternativly, if possible in java, start it as root, and get it to switch user once it has bound to the port.

    Jason

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •