A client of mine wants to use an FTP Server app called CrushFTP (www.crushftp.com). It looks like a great program. (Simple GUI, powerful features, etc). It has a big problem, though: It is a java based app. When you start it up, it assumes you want to use port 21 for FTP. (the norm). However, you immediately get an error that 'cannot use port 21...' The author of this app offers the following solution (see text between **** below) (Please note that the instructions below are specific to Mac OS X, but I have the same problem in linux) My question: Since I don't want to log on as root, how do I go about giving a user the necessary 'root' privileges? Thanks, Eric Carbone *************** Open a terminal session. To enable CrushFTP to run properly, issue the following command. sudo chmod u+s /System/Library/Frameworks/JavaVM.framework/Versions/1.3.1/Commands/java PLEASE NOTE!!!!!!!!!!!!!!!!!! The reason why this is necessary is because ports below 1025 (such as "21" that an FTP server runs on) are considered reserved ports. Why? Legacy. So, in order to open a server on port 21 you must have permissions. Either log into the computer as root (not recommended), or run the server as if you were the root user (many servers implement this one way or another.) The command you pasted will allow CrushFTP root access to your computer. It will also allow any other .jar file you double click on root access. You have been warned! That said...it works very nice like this. It works like MacOS 9, Windows, even Linux. It's the Unix backbone that makes this necessary. ***************
Hi "sudo" is one good choise for You... Jaska. On Thursday 21 November 2002 17:58, Eric Carbone wrote:
A client of mine wants to use an FTP Server app called CrushFTP (www.crushftp.com). It looks like a great program. (Simple GUI, powerful features, etc).
It has a big problem, though: It is a java based app. When you start it up, it assumes you want to use port 21 for FTP. (the norm). However, you immediately get an error that 'cannot use port 21...'
The author of this app offers the following solution (see text between **** below) (Please note that the instructions below are specific to Mac OS X, but I have the same problem in linux)
My question: Since I don't want to log on as root, how do I go about giving a user the necessary 'root' privileges?
Thanks, Eric Carbone
***************
Open a terminal session. To enable CrushFTP to run properly, issue the following command.
sudo chmod u+s /System/Library/Frameworks/JavaVM.framework/Versions/1.3.1/Commands/java
PLEASE NOTE!!!!!!!!!!!!!!!!!!
The reason why this is necessary is because ports below 1025 (such as "21" that an FTP server runs on) are considered reserved ports. Why? Legacy. So, in order to open a server on port 21 you must have permissions. Either log into the computer as root (not recommended), or run the server as if you were the root user (many servers implement this one way or another.)
The command you pasted will allow CrushFTP root access to your computer. It will also allow any other .jar file you double click on root access. You have been warned! That said...it works very nice like this. It works like MacOS 9, Windows, even Linux. It's the Unix backbone that makes this necessary.
***************
Eric Carbone wrote:
***************
Open a terminal session. To enable CrushFTP to run properly, issue the following command.
sudo chmod u+s /System/Library/Frameworks/JavaVM.framework/Versions/1.3.1/Commands/java
PLEASE NOTE!!!!!!!!!!!!!!!!!!
The reason why this is necessary is because ports below 1025 (such as "21" that an FTP server runs on) are considered reserved ports. Why? Legacy. So, in order to open a server on port 21 you must have permissions. Either log into the computer as root (not recommended), or run the server as if you were the root user (many servers implement this one way or another.)
The command you pasted will allow CrushFTP root access to your computer. It will also allow any other .jar file you double click on root access. You have been warned! That said...it works very nice like this. It works like MacOS 9, Windows, even Linux. It's the Unix backbone that makes this necessary.
***************
Changing the permissions of the Java runtime environment doesn't strike me as a very smart idea - unless I'm missing something here, this will run all_ Java apps, started by any user of the system, as root... It will also mean that if the FTP server is compromised, the cracker is much more likely to achieve full root priveleges (since the FTP server already has them). Generally, Linux servers start with root priveleges and then change to a more restricted account once they've bound to the port. Can anyone suggest what the correct way to handle this would be, with a Java server? -- Geoff Beaumont Geoff@stormhammer.com
On Thursday 21 November 2002 16:58, Eric Carbone wrote:
A client of mine wants to use an FTP Server app called CrushFTP (www.crushftp.com). It looks like a great program. (Simple GUI, powerful features, etc).
It has a big problem, though: It is a java based app. When you start it up, it assumes you want to use port 21 for FTP. (the norm). However, you immediately get an error that 'cannot use port 21...'
Sorry, but I am a little confused here. This is a server. So you are starting the server as root or as a a normal user? Typically you are supposed to start servers as root. All the "normal" servers started out of /etc/init.d are started as root, and as Geoff pointed out will often switch to a more restricted user. If you can log into the system as root, why can't you simply start the server as root? If you are trying to start it as root, and get this errror, perhaps something is already bound to port 21. Is there no more to the error to indicate whether is is a permissions problem or not? Immediately after you run it an get this error, what does "echo $?" show?
The author of this app offers the following solution (see text between **** below) (Please note that the instructions below are specific to Mac OS X, but I have the same problem in linux)
My question: Since I don't want to log on as root, how do I go about giving a user the necessary 'root' privileges?
<snip>
The reason why this is necessary is because ports below 1025 (such as "21" that an FTP server runs on) are considered reserved ports. Why? Legacy. So, in order to open a server on port 21 you must have permissions. Either log into the computer as root (not recommended), or run the server as if you were the root user (many servers implement this one way or another.)
Sorry, but this does not sound right to me. Maybe because I am not sure what is meant here by "log into the computer as root". Is he talking about the user that is used to make the ftp connection. If so, the user used to login should be irrelevant. If it's the user on the originating system, then it should not matter what user either, as that port is not 21 anyway, but something random.
The command you pasted will allow CrushFTP root access to your computer. It will also allow any other .jar file you double click on root access. You have been warned! That said...it works very nice like this. It works like MacOS 9, Windows, even Linux. It's the Unix backbone that makes this necessary.
What's that last sentence supposed to mean? Regards, jimmo -- --------------------------------------- "Be more concerned with your character than with your reputation. Your character is what you really are while your reputation is merely what others think you are." -- John Wooden --------------------------------------- Be sure to visit the Linux Tutorial: http://www.linux-tutorial.info --------------------------------------- NOTE: All messages sent to me in response to my posts to newsgroups, mailing lists or forums are subject to reposting.
participants (4)
-
Eric Carbone -
Geoff Beaumont -
jaakko tamminen -
James Mohr