> If you try to configure ejabberd to bind to port 80 or 443, by modifying
> ejabberd.cfg, the following behaviour is observed:
> - you can successfully start the process
> - ejabberd binds to configured ports above 1023
> - ejabberd is not bound to configured ports below 1024
>
> The bug: no error is generated to say why the ports below 1024 are not
> bound

It's true. I'll try to fix it (I think that generating an error message to the log is enough.)

> Ultimately, it is failing to bind to ports below 1024 because it is
> started as the user ejabberd instead of the user root.
> Corrections:
> - documentation (README.Debian) should inform the user that it is not
> possible to bind on port 80 or 443 because the process is not running as
> root

It will be done in the next ejabberd upload.

> - ejabberd should log an error and possibly refuse to start if any of
> the configured ports can not be bound successfully

Logging an error is enough for me.

> - there should be a feature that allows ejabberd to start as root, bind
> to the required ports, and then change to the ejabberd user (similar to
> the way the `named' process behaves)

It's hard for an Erlang application, so I don't think that it's worth doing that. An Erlang application can't drop privileges, and socket binding to a privileged port by a non-privileged user requires an external suid program which isn't available in Debian.

> Why this is important, documentation:
> - for usage of Jabber to spread, we must make it easy to get through
> firewalls
> - many corporate firewalls, by default, will only allow the `HTTP
> Connect' proxy method to connect to servers on port 443
> - configuring ejabberd to listen on port 443 is a very effective way
> to allow incoming connections from users who are behind firewalls

I don't agree that it's important. I think that all services should be bound to their assigned ports. Otherwise the system becomes a mess.

On the other hand, do you really think that "corporate firewalls" are set by evil people just to prevent XMPP from spreading?

BTW, if you want the Jabber server to listen at port 443 you can redirect it by a firewall.

--
Sergei Golovan
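
The two behaviours requested in the quoted report (log why a configured port could not be bound, and bind as root before switching to an unprivileged user the way `named` does) look like this in a generic C daemon. This is an added example, not code from this thread or from ejabberd; the function names and the uid/gid 65534 are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE            /* for setgroups() on glibc */
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind and listen on a TCP port; on failure log the reason, return -errno. */
int bind_listener(unsigned short port)
{
    struct sockaddr_in sa = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -errno;
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        int err = errno;  /* EACCES: port below 1024 without privilege */
        fprintf(stderr, "cannot listen on port %u: %s\n", (unsigned)port, strerror(err));
        close(fd);
        return -err;
    }
    return fd;
}

/* Permanently become uid/gid: supplementary groups, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -errno;
    if (uid != 0 && setuid(0) == 0)  /* root must not be recoverable */
        return -EPERM;
    return 0;
}

int main(void)
{
    /* 443 needs root or CAP_NET_BIND_SERVICE; 65534 is a placeholder uid/gid. */
    int fd = bind_listener(443);
    if (fd < 0) return 1;  /* refuse to start; the reason is already logged */
    int rc = drop_privileges(65534, 65534);
    if (rc < 0) { fprintf(stderr, "drop_privileges: %s\n", strerror(-rc)); return 1; }
    /* ... the accept() loop would run here as the unprivileged user ... */
    close(fd);
    return 0;
}
```

The order in `drop_privileges` matters: once `setuid` has succeeded the process can no longer change its groups, so the group calls come first.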