Forum OpenACS Development: Re: Error when starting the service

Collapse
Posted by Cesar Dominguez on
Hi Gustaf,

Thanks for your response, The weird thing is that i always use the prebind as you mention.

eg.
sudo /usr/local/ns/bin/nsd -t /usr/local/ns/config-file.tcl -u nsadmin -g nsadmin -b 127.0.0.0:80,127.0.0.0:443.

This service has been up for about 4 years now, the only thing is that the server provider did restart the server and after that i got those errors, privileges to nsadmin never have been modified.

Collapse
Posted by Gustaf Neumann on
The operating system error is quite explicit - it reports a "Permission denied" error when trying to bind to IP 104.237.4.53 on port 80. Remember that binding to privileged ports (those below 1024) must be done with root privileges, and this binding occurs before the process drops its privileges to the user "nsadmin." Thus, even if you later switch to "nsadmin," the binding will have already failed.

I also noticed that your command uses the following bind option:

sudo /usr/local/ns/bin/nsd -t /usr/local/ns/config-file.tcl -u nsadmin -g nsadmin -b 127.0.0.0:80,127.0.0.0:443

Here, you're binding to 127.0.0.0, which is unusual because the standard loopback address is 127.0.0.1. Moreover, this IP address doesn't match the one shown in the error message (104.237.4.53). Could it be that the IP address of your host has changed, or might there be a misconfiguration in the bind option?

On a related note, you're currently using NaviServer 4.99.20, which was released over four years ago. There have been 10 newer releases in the 4.99 series since then. Although upgrading may not directly resolve the permission issue, it could offer other improvements and bug fixes that might benefit your setup.

Collapse
Posted by Cesar Dominguez on
Sorry about that, the 127.0.0.0 was for example purposes. The actual biding im using is:

sudo /usr/local/ns/bin/nsd -t /usr/local/ns/config-fd6prod.tcl -u nsadmin -g nsadmin -b 104.251.214.8:80,104.251.214.8:443.

Never had that error before when starting the service, after an upgrade on the service for example.

Collapse
Posted by Gustaf Neumann on
The actual biding im using is:
sudo /usr/local/ns/bin/nsd -t /usr/local/ns/config-fd6prod.tcl -u nsadmin -g nsadmin -b 104.251.214.8:80,104.251.214.8:443.

Are you aware of the fact, that the error message you have provided above reports a different IP address, namely 104.237.4.53:80?

Still wondering whether your server provider might have changed the IP address of this host...