Short answer: you can't. Ports below 1024 can be opened only by root. As per comment - well, you can, using CAP_NET_BIND_SERVICE, but that approach, applied to the java bin, will make any Java program run with this setting, which is undesirable, if not a security risk.
The long answer: you can redirect connections on port 80 to some other port you can open as a normal user.
Run as root:
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
As loopback devices (like localhost) do not use the prerouting rules, if you need to use localhost, etc., add this rule as well (thanks @Francesco):
# iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080
NOTE: The above solution is not well suited for multi-user systems, as any user can open port 8080 (or any other high port you decide to use), thus intercepting the traffic. (Credits to CesarB).
EDIT: as per comment question - to delete the above rule:
# iptables -t nat --line-numbers -n -L
This will output something like:
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source       destination
1    REDIRECT   tcp  --  0.0.0.0/0    0.0.0.0/0     tcp dpt:8080 redir ports 8088
2    REDIRECT   tcp  --  0.0.0.0/0    0.0.0.0/0     tcp dpt:80 redir ports 8080
The rule you are interested in is nr. 2, so to delete it:
# iptables -t nat -D PREROUTING 2
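Added example (not part of the original answer): deleting by number depends on reading the listing correctly, and a loose match on dpt:80 would also hit the dpt:8080 rule. This sketch parses the listing for an exact port, per chain, and prints the delete commands highest number first; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: find REDIRECT rule numbers for an exact destination port.
# Input on stdin: output of `iptables -t nat --line-numbers -n -L`.
# Usage: redirect_rule_numbers CHAIN DPORT   (hypothetical helper name)
redirect_rule_numbers() {
    awk -v chain="$1" -v want="dpt:$2" '
        # A "Chain NAME (...)" header starts a new chain section.
        $1 == "Chain" { in_chain = ($2 == chain); next }
        # Rule lines start with a number; the target is field 2.
        in_chain && $1 ~ /^[0-9]+$/ && $2 == "REDIRECT" {
            # Compare whole fields so dpt:80 does not match dpt:8080.
            for (i = 3; i <= NF; i++)
                if ($i == want) { nums[++n] = $1; break }
        }
        # Highest number first: deleting a rule renumbers the ones below it.
        END { for (i = n + 0; i >= 1; i--) print nums[i] }
    '
}

# Constructed sample listing, modelled on the output shown in the answer,
# with an OUTPUT chain added for the loopback rule.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source      destination
1    REDIRECT   tcp  --  0.0.0.0/0   0.0.0.0/0    tcp dpt:8080 redir ports 8088
2    REDIRECT   tcp  --  0.0.0.0/0   0.0.0.0/0    tcp dpt:80 redir ports 8080

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source      destination
1    REDIRECT   tcp  --  0.0.0.0/0   127.0.0.1    tcp dpt:80 redir ports 8080
EOF
}

# Print the delete commands for review instead of running them.
delete_commands() {
    for chain in PREROUTING OUTPUT; do
        sample_listing | redirect_rule_numbers "$chain" "$1" |
            while read -r num; do
                echo "iptables -t nat -D $chain $num"
            done
    done
}

delete_commands 80
```

On a live system, pipe the real listing into redirect_rule_numbers in place of sample_listing and review the printed commands before running them as root.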
It's because /proc/sys/net/nf_conntrack_max relies on the module nf_conntrack, but this module is not loaded by default when the system starts.
But if you run
iptables -t nat -L
or
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
this module will load automatically and be set to the max number that your system supports (the max number is 65536 if your RAM is > 4G, but it varies between systems). You can set it to a bigger number (like 6553600) in /etc/sysctl.conf.
Solution:
Add one line at the end of the file /etc/modules:
nf_conntrack
This module would then be loaded on system start, before sysctl is executed.
Best Answer
Yes they are persistent across reboots (they're just files in a spool).
Regarding having access to them, as a regular user you won't have access to the files, but you could build a system to back them up. Maybe something like this:
If you needed to reload the job later:
(This is all mostly untested. The basic commands are right but there's sure to be a bug in the logic in there somewhere.)
Having said all that though, I'm not sure I'd use at for the task you describe. I'd probably use a preexisting calendaring system. Failing that though, I would use a cron job that ran daily that checked a file to see if there were any messages to send. Much more portable than at jobs, and much more likely to be remembered if you switch machines...