Today I learned that ports below 1024 can only be bound by the superuser. It’s amusing that I’ve never run into this problem before, considering how much I play around with various servers.
The reason for that might be that most servers just tell you that “you need to be root to do this” but don’t explain why, so I wasn’t aware. Until today, when I was trying to build a lightweight Compojure thing and it just refused to start.
The error message wasn’t exactly helpful either:
Exception in thread "main" java.net.SocketException: Permission denied, compiling:(/tmp/form-init930050230415713131.clj:1:72)
…
Caused by: java.net.SocketException: Permission denied
Since it listed that /tmp path there, at first I suspected it was some write permission problem. Except it couldn’t be, since /tmp is of course writable.
Then I found a question about a problem similar to mine and the answer stated it all: bind over 1024 or root. Thanks for the helpful error message there, Java. (Yes, I hate Java.)
As much as I also hate Java, that error message isn’t its fault. It’s calling bind(), which is returning EACCES (which ultimately comes from the kernel). There’s no mechanism for the kernel to provide more detailed information about why permission was denied, and technically non-root processes can listen on low ports if they have CAP_NET_ADMIN.
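A diagnostic sketch for the bare "Permission denied" discussed above, added here as an example and not code from the post or its comments. It assumes Linux with /proc mounted; the function names are made up for illustration, and the capability it tests is CAP_NET_BIND_SERVICE, which capabilities(7) documents as the one that permits binding ports below 1024.

```python
import errno
import socket

CAP_NET_BIND_SERVICE = 10  # bit number from <linux/capability.h>
PORT_SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"  # Linux 4.11+

def unprivileged_port_start(path=PORT_SYSCTL):
    """First port any process may bind; 1024 unless the sysctl was changed."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return 1024  # sysctl absent or unreadable: assume the classic limit

def effective_caps(status_text):
    """Parse the CapEff bitmask out of /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    return 0

def may_bind(port, cap_eff, port_start=1024):
    """Low-port rule: port 0 (ephemeral) and ports >= port_start are open to all."""
    if port == 0 or port >= port_start:
        return True
    return bool((cap_eff >> CAP_NET_BIND_SERVICE) & 1)

def try_bind(port, host="127.0.0.1"):
    """Attempt the bind and turn a bare EACCES into an actionable message."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return "bound port %d" % port
        except OSError as e:
            if e.errno != errno.EACCES:
                raise
            with open("/proc/self/status") as f:
                caps = effective_caps(f.read())
            start = unprivileged_port_start()
            if not may_bind(port, caps, start):
                return ("EACCES: port %d is below %d and this process "
                        "lacks CAP_NET_BIND_SERVICE" % (port, start))
            return "EACCES from another policy layer, not the low-port rule"

if __name__ == "__main__":
    print(try_bind(80))
```

Run as an ordinary user it reports the low-port rule; run as root, or with the sysctl lowered, the bind succeeds.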