On boot some daemons (like nis/ypbind) obtain priviledged ports via portmap/bindresvport(). Portmap assigns ports that are not in use at the time of request, usually above 600. This strategy sometimes conflicts with daemons that rely on fixed ports and that start after ypbind (like cups, slapd): they find that their port is already in use. This problem is well known since at least two years, not just with Debian but also with other Linux versions like Redhat [1,2].
Starting ypbind later during boot is no solution in general since some services rely on ypbind AND fixed priviledged ports. Possible solutions are: - Modify portmap/bindresvport such that certain blacklisted ports are skipped even if they are not yet in use when a new priviledged port ist requested. - Make use of a program like portreserve/portrelease [3]. When the portreserve daemon is started, it examines the /etc/portreserve/ directory. Each file not containing "." or "~" in its name is considered to be a service configuration file, and must contain a service name (as listed in /etc/services) or a port number. For example, /etc/portreserve/cups might contain the string "ipp". For each service configuration file, a socket is created and bound to the appropriate port. A service wishing to bind to its port must first run portrelease, which instructs portreserve to release the port associated with the service. The second solution requires only a few changes to Debian: - every daemon relying on a fixed port that might be affected by portmap has to drop a file in /etc/portreserve upon package installation. Furthermore, its init script has to call portrelease before the daemon is started. - portreserve/portrelease has to be included with Debian. I propose to modify Debian in this way. Gernot [1] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=103401 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=306465 [3] http://cyberelk.net/tim/portreserve/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
