[Mongrel] OSX requires sudo for using ports < 1024

David Vrensk david at vrensk.com
Thu Nov 16 17:11:58 EST 2006

On 11/16/06, Matt Pelletier <eastmedianyc at gmail.com> wrote:
> Mongrel runs without sudo on all other ports > 1024 otherwise. Anyone have
> the reason that these ports require sudo?

I suppose you could say that there is a historical reason.  Un*x machines
used to be multiuser computers with lots of users logged in over terminals
or phone lines, and not all users could be perfectly trusted.  Some of them
would have loved to overload the telnet service (port 23) to make it crash,
and then replace it with their own hacked version that would snoop on
people's passwords.  By protecting certain ports (< 1024), everyone could
safely assume that if they contacted a trusted host (e.g. one operated by
their university) on those ports, whatever process answered would be owned
by root.  This extended trust was used for other services too, like rlogin,
which allows a user to log in on a remote host without a password if the two
hosts trust each other.

This security model is generally frowned upon today, but it does ensure that
on a UN*X-based web hotel, the web server is run by the management and not
by a random user.
