only root has access to port 21?
![](https://seccdn.libravatar.org/avatar/b5c5e490baabe2a25a6a11b61eabc1ec.jpg?s=120&d=mm&r=g)
The FTP server software I am using keeps telling me that port 21 "is in use ..." However, if I log on as ROOT and THEN run the same software, it works fine on port 21. And there are NO OTHER ftp servers running on this machine. The guy who wrote the software sent me the following 'fix': (BTW ... the server software is a java app, and the following instructions apply to Mac OS X): == Open a terminal session. Issue the following command. (Copy paste) == sudo chmod u+s /System/Library/Frameworks/JavaVM.framework/Versions/1.3.1/Commands/java == == Now when you launch CrushFTP, you have permission to launch and open a port below 1025. == == PLEASE NOTE!!!!!!!!!!!!!!!!!! == This will allow CrushFTP root access to your computer. It will also allow ANY == other .jar file you double click on root access. You have been warned! == That said...it works very nice like this...just like classic did. so ... how would I 'translate' this command to work in linux? I tried issuing the same command as above, but only changing the path to where java lives: sudo chmod u+s /usr/lib/jdk1.3.1/bin/java but this didn't work. Any ideas or suggestions? Thanks, --------------------------- Eric Carbone
![](https://seccdn.libravatar.org/avatar/d70f8a8240c69007852b9d1bf27e170b.jpg?s=120&d=mm&r=g)
* Eric Carbone (ERIC@morprinting.com) [020328 07:23]:
However, if I log on as ROOT and THEN run the same software, it works fine on port 21.
Only root can bind to ports < 1024
The guy who wrote the software sent me the following 'fix': == sudo chmod u+s /System/Library/Frameworks/JavaVM.framework/Versions/1.3.1/Commands/java
Oh my. I recommend removing this software and never running anything else that this person has written.
== other .jar file you double click on root access. You have been warned!
Well, at least you've been warned.
Any ideas or suggestions?
There are plenty of real ftp servers out there and, even with their notoriously poor security records, are better than running setuid root java programs. -- -ckm
participants (2)
-
Christopher Mahmood
-
Eric Carbone