Although 80 and 443 are system ports, how are most web servers able to bind to them anyway

permissionsport-443service

Running a web-service that binds to port 80 usually doesn't require sudoer privileges.
Since ports 80/443 are system ports, meaning they can only be used by privileged users, how come those services are still able to bind to these ports?

Best Answer

There are basically two different approaches:

Initially start running as root, bind to the privileged port, and then drop down to an unprivileged user.
inetd, or xinetd runs privileged, and forwards the requests to web server running unprivileged.

Related Solutions

Linux – Ports below 1024

As far as I know this is, indeed, mainly just an historical convention; the idea being that when accessing a port under 1024 you can be sure you're accessing whatever the administrator of the server configured to run on the server. This made more sense back when servers where few and huge and you needed an easy way to authenticate, or at least judge the reliability of a service, by such basic means.

By the way, you may find that Capabilities do what you want. See this SO question for more information on the alternatives, but here's the sample use:

setcap 'cap_net_bind_service=+ep' /path/to/program

Centos – What can cause ALL services on a server to go down, yet still responding to ping? and how to figure out

(tl;dr still responding to ping is an expected behaviour, check your memory usage)

ICMP echo requests (i.e. ping) are handled by the in-kernel networking stack, with no other dependency.

The kernel is known as being "memory resident", which means it will always be kept in RAM, and can't be swapped to disk like a regular application can.

This means in situations where you run of out of physical memory applications are swapped to disk, but the kernel remains where it is. When both the physical and swap memory are full (and the system can no long manage your programs) the machine will fall-over. However because a) the kernel is still in memory and b) it can respond to ping requests without the help of anything else, the system will keep responding to ping despite everything being dead.

In regard to your problem I'd strongly suspect memory issues. Install "sysstat" and use the "sar" command to see a log of memory/cpu/load/io load etc. I would expect at the times of crash you'd see both 100% physical and swap used.

I would also consider looking at dmesg or /var/log/messages for any sign of the OOM-killer (out-of-memory-killer) being invoked. This is the kernel's emergency system which will start killing processes in the event of memory being exhausted. It's effectiveness depends largely on what processes are being killed. A single process eating up the memory will be efficiently killed and memory freed, however an apache-based website will spawn replacement processes as soon a child process is killed.

Best Answer

Related Solutions

Linux – Ports below 1024

Centos – What can cause ALL services on a server to go down, yet still responding to ping? and how to figure out

Related Topic