https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Server-running-as-non-root-unable-to-bind-SSL-socket/m-p/144894#M52442 <P>Hello,</P><P>I enabled HTTPS for my Ambari Server before I changed it to run as a non-root daemon user. After I enabled non-root daemon, I'm getting the following error:</P><PRE>24 Jan 2017 17:06:48,001 WARN [main] AbstractLifeCycle:204 - FAILED SslSelectChannelConnector@0.0.0.0:443: java.net.SocketException: Permission denied java.net.SocketException: Permission denied at sun.nio.ch.Net.bind0(Native Method) at sun.nio.ch.Net.bind(Net.java:433) at sun.nio.ch.Net.bind(Net.java:425) at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223) at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74) at org.eclipse.jetty.server.nio.SelectChannelConnector.open(SelectChannelConnector.java:187) at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:316) at org.eclipse.jetty.server.nio.SelectChannelConnector.doStart(SelectChannelConnector.java:265) at org.eclipse.jetty.server.ssl.SslSelectChannelConnector.doStart(SslSelectChannelConnector.java:631) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) at org.eclipse.jetty.server.Server.doStart(Server.java:293) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) at org.apache.ambari.server.controller.AmbariServer.run(AmbariServer.java:617) at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:927) </PRE><P> It seems as though even though I've put in all the sudo settings (starting here: <A href="https://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-security/content/commands_server.html" target="_blank">https://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-security/content/commands_server.html</A> ) the non-root user still doesn't have enough permissions to read the certificate to use for SSL binding. Does anyone know what is needed for this permission issue to be resolved? The SSL certificate and key are installed in /etc/ssl/certs/</P><P>I've been searching and I can't seem to find an answer to this.</P><P>Thanks</P> Wed, 25 Jan 2017 06:13:28 GMT eurodeebs 2017-01-25T06:13:28Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Server-running-as-non-root-unable-to-bind-SSL-socket/m-p/144894#M52442 <P>Hello,</P><P>I enabled HTTPS for my Ambari Server before I changed it to run as a non-root daemon user. After I enabled non-root daemon, I'm getting the following error:</P><PRE>24 Jan 2017 17:06:48,001 WARN [main] AbstractLifeCycle:204 - FAILED SslSelectChannelConnector@0.0.0.0:443: java.net.SocketException: Permission denied java.net.SocketException: Permission denied at sun.nio.ch.Net.bind0(Native Method) at sun.nio.ch.Net.bind(Net.java:433) at sun.nio.ch.Net.bind(Net.java:425) at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223) at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74) at org.eclipse.jetty.server.nio.SelectChannelConnector.open(SelectChannelConnector.java:187) at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:316) at org.eclipse.jetty.server.nio.SelectChannelConnector.doStart(SelectChannelConnector.java:265) at org.eclipse.jetty.server.ssl.SslSelectChannelConnector.doStart(SslSelectChannelConnector.java:631) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) at org.eclipse.jetty.server.Server.doStart(Server.java:293) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) at org.apache.ambari.server.controller.AmbariServer.run(AmbariServer.java:617) at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:927) </PRE><P> It seems as though even though I've put in all the sudo settings (starting here: <A href="https://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-security/content/commands_server.html" target="_blank">https://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-security/content/commands_server.html</A> ) the non-root user still doesn't have enough permissions to read the certificate to use for SSL binding. Does anyone know what is needed for this permission issue to be resolved? The SSL certificate and key are installed in /etc/ssl/certs/</P><P>I've been searching and I can't seem to find an answer to this.</P><P>Thanks</P> Wed, 25 Jan 2017 06:13:28 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Server-running-as-non-root-unable-to-bind-SSL-socket/m-p/144894#M52442 eurodeebs 2017-01-25T06:13:28Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Server-running-as-non-root-unable-to-bind-SSL-socket/m-p/144895#M52443 <P>@<A href="https://community.hortonworks.com/users/14595/eurodeebs.html">Dezka Dex</A></P><P>This does not look like SSL error. without SSL ( with http) are you able to start the server successfully?</P><P></P> Wed, 25 Jan 2017 06:57:48 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Server-running-as-non-root-unable-to-bind-SSL-socket/m-p/144895#M52443 apappu 2017-01-25T06:57:48Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Server-running-as-non-root-unable-to-bind-SSL-socket/m-p/144896#M52444 <P><A rel="user" href="https://community.cloudera.com/users/14595/eurodeebs.html" nodeid="14595">@Dezka Dex</A></P><P>looks like you are trying to use 443 port, can you please use different port number above 1024 . Please try 8443 port.</P> Wed, 25 Jan 2017 07:03:41 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Server-running-as-non-root-unable-to-bind-SSL-socket/m-p/144896#M52444 apappu 2017-01-25T07:03:41Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Server-running-as-non-root-unable-to-bind-SSL-socket/m-p/144897#M52445 <P><A href="https://community.hortonworks.com/users/14595/eurodeebs.html">@Dezka Dex</A></P><P>is this issue resolved? can you please mark the correct answer? </P> Thu, 26 Jan 2017 01:38:27 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Server-running-as-non-root-unable-to-bind-SSL-socket/m-p/144897#M52445 apappu 2017-01-26T01:38:27Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Server-running-as-non-root-unable-to-bind-SSL-socket/m-p/144898#M52446 <P><A rel="user" href="https://community.cloudera.com/users/11311/apappu.html" nodeid="11311">@apappu</A> </P><P>Sorry, I was just able to get to the office to try this out. This was the issue, thanks for your help! Just out of curiosity, why can't a non-root user use port 443?</P> Thu, 26 Jan 2017 02:40:25 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Server-running-as-non-root-unable-to-bind-SSL-socket/m-p/144898#M52446 eurodeebs 2017-01-26T02:40:25Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Server-running-as-non-root-unable-to-bind-SSL-socket/m-p/144899#M52447 <P><A rel="user" href="https://community.cloudera.com/users/14595/eurodeebs.html" nodeid="14595">@Dezka Dex</A></P><P>Thanks for the update. i think that is OS restriction, you can go through <A href="https://www.staldal.nu/tech/2007/10/31/why-can-only-root-listen-to-ports-below-1024/" target="_blank">https://www.staldal.nu/tech/2007/10/31/why-can-only-root-listen-to-ports-below-1024/</A></P> Thu, 26 Jan 2017 02:55:57 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Server-running-as-non-root-unable-to-bind-SSL-socket/m-p/144899#M52447 apappu 2017-01-26T02:55:57Z