Articles tagged “linux”

Binding 80/TCP as non-root on your development server

neo-tux by sagarkshetri.com.np

So you have a Linux VM you use for development, because you want to mirror the production environment as closely as possible. You have many applications to deal with, they have to be running at the same time because they are nifty REST JSON web services.

You are very tired to remember which one you put on port 8081, and your configuration files slowly become a real mess. So you set up IP address aliases in for the network interface and decide to assign even host names – /etc/hosts is just fine – for each app.

Then, in such a setup, why would you still need to run them on ports higher than 1024? Wouldn’t be just great to type the application name in the browser address bar? Indeed it is, but it’s better to not run them as root, anyway.

The solution are Linux capabilities (see also here). The one that interests us is cap_net_bind_service: it gives a process the right to bind well-known ports (< 1024). If you use an interpreted language, of course you’ll have to add the capability to the interpreter itself. That’s why there’s development in the title of this article – you should not set this up on a production server, if you don’t know what you are doing.

One final quirk: if you happen to dlopen() shared objects that dynamically link towards libraries outside the canonical paths, you cannot load them via LD_LIBRARY_PATH (e.g. the SYBASE.sh) as it is ignored for setcap-ped processes. You should better move the library paths into an /etc/ld.so.conf.d snippet.

tl;dr

Assuming you are the latest and greatest rails developer, you should become root – or use sudo, as you wish – and

# YOU ARE ON YOUR DEVELOPMENT MACHINE
setcap cap_net_bind_service+ep `which ruby`

Profit:

thin start -a yourapp -p 80
>> Using rack adapter
>> Thin web server (v1.2.11 codename Bat-Shit Crazy)
>> Maximum connections set to 1024
>> Listening on yourapp:80, CTRL+C to stop
...
Posted at 14PM on 07/07/11 | 3 comments | Filed Under: development

The best way to begin a new day


XFS internal error XFS_WANT_CORRUPTED_RETURN at line 295 of file fs/xfs/xfs_alloc.c.  Caller 0xc018066c
 [<c017fed0>] xfs_alloc_fixup_trees+0x1b0/0x2e0
 [<c018066c>] xfs_alloc_ag_vextent_near+0x31c/0x9c0
 [<c018066c>] xfs_alloc_ag_vextent_near+0x31c/0x9c0
 [<c0180187>] xfs_alloc_ag_vextent+0xf7/0x100
 [<c01824fe>] xfs_alloc_vextent+0x35e/0x420
 [<c019015d>] xfs_bmap_alloc+0x80d/0x12b0
 [<c0111254>] try_to_wake_up+0xa4/0xc0
 [<c02cf248>] schedule+0x308/0x5c0
 [<c01939c4>] xfs_bmapi+0x514/0x1470
 [<c0130069>] find_lock_page+0x29/0xe0
 [<c013013c>] find_or_create_page+0x1c/0xb0
 [<c01d9116>] kmem_zone_zalloc+0x26/0x50
 [<c01a2296>] xfs_dir2_grow_inode+0xf6/0x3c0

continue reading >>>

Posted at 10AM on 05/26/09 | 0 comments | Filed Under: number 42

About

This is sindro.me, a weblog by Marcello Barnaba (@vjt) about technology, ruby, development, software, the internet, entertainment, politics, sociology, and the answer to Life, Universe, and Everything (42).

Links