Arch Linux

Dush

Member

Registered: 2014-04-09

Posts: 2

How to have a service listening on port 80, and which can use OpenGL?

Hi,

I'm developing a small application in Java to control my players (MPlayer, Amarok, ...) with remote control: web access.

I would like to make this small application as a linux service (systemctl start/stop/enable <myApplicationService>). It need:
- listening on port 80: it provide a web application
- starting mplayer

If I start application as root (with systemctl), I can use port 80, but I can't start mplayer: it tell me it can't access to OpenGL.
But if I start my application as user, I can remotely start mplayer, but I have a permission denied for using port 80.

Do you have solution / idea to get both working?

Thanks,
Dush

ewaller

Administrator

From: Pasadena, CA

Registered: 2009-07-13

Posts: 19,784

Re: How to have a service listening on port 80, and which can use OpenGL?

Split it into two parts and use a named pipe or other communication method to connect the two.  One provides web service, the other runs the multimedia. 

There are other ways, but this is quick and simple.

---

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Mr.Elendig

#archlinux@freenode channel op

From: The intertubes

Registered: 2004-11-07

Posts: 4,092

Re: How to have a service listening on port 80, and which can use OpenGL?

Or use a unprivileged port, or drop permissions.

Last edited by Mr.Elendig (2014-04-10 12:05:34)

---

Evil #archlinux@libera.chat channel op and general support dude.
. files on github, Screenshots, Random pics and the rest

Dush

Member

Registered: 2014-04-09

Posts: 2

Re: How to have a service listening on port 80, and which can use OpenGL?

Hi,

Sorry for this late answer...

Spitting application in 2 parts is not a bad idea, but it's not as simple as it seam and it's not my immediate objective.

What's for the other solutions?
Is-it possible to create a specific user who can use port 80 and use multimedia?
How to start a service as unprivileged user?

Thanks,
Dush

kulpae

Member

From: Bremen

Registered: 2010-02-06

Posts: 34

Re: How to have a service listening on port 80, and which can use OpenGL?

Or set it up on an unprivileged port (>1024) running under user profile and forward port 80 to this port with iptables.

[starting a service as unprivileged user] well, simply executing your applications starts it under your user privileges, already. So nothing special.

But of course you could write a systemd service file (if you are using systemd) or sysV init script (if on sysV's init rc.d, etc) for your application, where you specify
under which users privileges to run your application (and when, e.g. autostart on system init)

To run an application under specific users privileges it's actually enough to use

sudo -u user -H ./application

For security reasons it's also recommended to setup a user account just for this app, so in case an attacker gets access to the shell, for example, through your application,
he/she will only be able to act under it's privileges.

cheers, kulpae

btw. you don't have to use port 80, to be able to access your network application.
Port 80 is the default www port, for all the other ports, you have to provide them to the browser like http://localhost:8080/path/parsed/by/your/applications/

Last edited by kulpae (2014-04-26 18:46:59)

brain0

Developer

From: Aachen - Germany

Registered: 2005-01-03

Posts: 1,382

Re: How to have a service listening on port 80, and which can use OpenGL?

This is easy to do with systemd. Let systemd start the program as unprivileged user, but let systemd open the port. It's easy to do in C, but I have no idea about Java.

EDIT: There is some information here.

Last edited by brain0 (2014-04-26 21:07:24)