httpd Server not started: (13)Permission denied: make_sock: could not bind to address [::]:88

Question

I am trying to start httpd server on centos 6. It throws following error :

[root@machine ~]# service httpd start
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:88
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:88
no listening sockets available, shutting down
Unable to open logs
                                                           [FAILED]

I have also checked for port 88, It is not is use. I also checked with semanage, but it didn't help.

Any help will be appreciated.

Adding the port to SELinux worked for me, so thanks for the link. — superEb, Oct 18 '13 at 15:01
Edit the conf to change the port Apache uses to a number greater than 1024, like 8080 for example. I was using Ubuntu v20 in windows and editing like: sudo vi /etc/apache2/ports.conf — MTMDev, Feb 11 '21 at 16:35

score 135 · Answer 1 · answered Mar 16 '14 at 19:38

135

I happened to run into this problem because of missing SELinux permissions. By default, SELinux only allowed apache/httpd to bind to the following ports:

80, 81, 443, 488, 8008, 8009, 8443, 9000

So binding to my httpd.conf-configured Listen 88 HTTP port and config.d/ssl.conf-configured Listen 8445 TLS/SSL port would fail with that default SELinux configuration.

To fix my problem, I had to add ports 88 and 8445 to my system's SELinux configuration:

Install semanage tools: sudo yum -y install policycoreutils-python
Allow port 88 for httpd: sudo semanage port -a -t http_port_t -p tcp 88
Allow port 8445 for httpd: sudo semanage port -a -t http_port_t -p tcp 8445

answered Mar 16 '14 at 19:38

Abdull

26,371
26
130
172

I think that I had the same issue on Mac OS X (Darwin, Unix variant). Listening on port 88 **seemed** to restart just fine and didn't throw any errors, but I couldn't get any response back in the browser on that port. Once I changed it to 81 though it started working just fine. – Stephen Washburn May 16 '14 at 19:29
use dnf install policycoreutils-python-utils on Fedora 24 – e18r Aug 03 '16 at 19:42
see here for allow non root to bind certain ports: https://superuser.com/a/892391/216033 – Tilo Jun 13 '18 at 16:32
1

-m option (modify) worked for as the port i needed already defined for other selinux policy. – JCm Sep 27 '18 at 09:09
@Abdull, this sol is specific to the rpm based OS. what to do on debian or ubuntu – Andrew Feb 16 '22 at 12:23

score 56 · Accepted Answer · answered Jul 09 '13 at 08:08

56

Seems like you are running it not as "root". Only root can bind to this port (80). Check your configuration in the conf/httpd.conf file, Listen line and change the port to higher one.

answered Jul 09 '13 at 08:08

Igor Zilberman

1,048
1
11
16

2

you could use `sudo` – Andrew Mar 18 '18 at 13:57
@Andrew, no I couldnt, didnt have the privileges – Igor Zilberman Mar 25 '18 at 06:04
Thank you! In my case, I was using the `USER X` command in the Dockerfile which was the cause of the problem. Commenting it set the root as the default user again, and everything worked fine – Genarito Jun 07 '23 at 18:46

Ulrich-Lorenz Schlüter · Answer 3 · 2018-08-04T18:33:57.037

20

This is an addition to the answer by Abdull somewhere in this thread:

I had to modify instead of adding a port

semanage port -m -t http_port_t -p tcp 5000

because I get this error on adding the port

ValueError: Port tcp/5000 already defined

edited Aug 04 '18 at 18:33

answered Jun 13 '17 at 11:04

Ulrich-Lorenz Schlüter

440
6
12

This worked for me, although I added the SELinux policy & it was a success, still I needed to do this to make it work, ate up 30 minutes from my life :( – Broken Arrow May 11 '23 at 21:43

score 8 · Answer 4 · answered Feb 23 '14 at 09:21

8

At terminal run this command with root permission:

sudo /etc/init.d/apache2 start

You must be root for starting a webserver otherwise you would get similar error.

answered Feb 23 '14 at 09:21

Sohail xIN3N

2,951
2
30
29

true the root user access is needed. SO Sudo service apache2 restart will also restart like you have written with sudo /etc/init.d/apache2 start – vimal krishna Aug 24 '15 at 12:36

Sebas · Answer 5 · 2017-11-26T19:57:07.320

7

With my centos 6.7 installation, not only did I have the problem starting httpd with root but also with xauth (getting /usr/bin/xauth: timeout in locking authority file /.Xauthority with underlying permission denied errors)

# setenforce 0

Fixed both issues.

edited Nov 26 '17 at 19:57

answered Jun 05 '16 at 12:33

Sebas

21,192
9
55
109

That solved my problems on a Centos 7 on a vagrant driven dev server running apache2 on another port. Keep in mind though that you are actually disabling SELinux – meaning disabling security features. On a production server better use `semanage` to add the port as @Abdull mentioned – Hafenkranich Oct 20 '18 at 15:30

score 6 · Answer 6 · answered Nov 26 '18 at 14:17

6

Disable SELinux

Disable SELinux temporarily

sudo setenforce 0

Restart httpd service

service httpd restart

Disable SELinux persistently (after reboot)

vi /etc/selinux/config

Add line and save

SELINUX=disabled

answered Nov 26 '18 at 14:17

Jonny

314
4
6

I recommend disabling SELinux, start the webserver and do `grep -a AVC /var/log/audit/audit.log | grep httpd | audit2allow -a -M myhttpd` enable your myhttpd policy with `semodule -i myhttpd.pp` and enable SELinux again. – Ulrich-Lorenz Schlüter May 24 '23 at 18:58

score 3 · Answer 7 · edited Jul 01 '18 at 01:12

3

In my case, I tried to first use port 88 instead, and even then the httpd won't start.

I used the below command, i.e. modify instead of add, as suggested by one of users, and was able to run httpd.

semanage port -a -t http_port_t -p tcp 88

edited Jul 01 '18 at 01:12

Stephen Rauch

47,830
31
106
135

answered Jul 01 '18 at 00:54

SanjayMD

29
3

score 1 · Answer 8 · answered Nov 21 '22 at 08:12

1

after disable SELINUX, any port is aviable.

sudo -s;  
setenforce 0;  
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config;

answered Nov 21 '22 at 08:12

geekyouth

121
8

score 0 · Answer 9 · answered Oct 17 '19 at 08:32

In Linux(Centos 6 or higher) ports from 0 to 1024 are reserved for system use. you can force the system to bind to address any port lower than 1024 if you use root or privileged user.

I installed Apache-2.4 from source with non-root user and I solved this problem by allowing port higher than 1024(ex:8080) and modified http.conf file. chang Listen 80 to Listen 8080

score 0 · Answer 10 · edited Jan 31 '20 at 17:05

I had similar error while trying to start httpd service for openstack train installation in RHEL 7.5 too.

-- Unit httpd.service has begun starting up.
Jan 31 10:11:16 controller httpd[1631]: (13)Permission denied: AH00072: make_sock: could not bind to address 10.0.0.11:5000
Jan 31 10:11:16 controller httpd[1631]: no listening sockets available, shutting down
Jan 31 10:11:16 controller httpd[1631]: AH00015: Unable to open logs
Jan 31 10:11:16 controller systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jan 31 10:11:16 controller kill[1632]: kill: cannot find process ""
Jan 31 10:11:16 controller systemd[1]: httpd.service: control process exited, code=exited status=1
Jan 31 10:11:16 controller systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed

Solution: It got resolved by disabling SElinux.

score 0 · Answer 11 · edited Jun 04 '20 at 23:02

0

I edited /etc/selinux/config, set SELINUX=disabled, then reboot; then it worked. Alternately, you can run setenforce 0; you don't need reboot, but this is once used.

edited Jun 04 '20 at 23:02

David Pisoni

3,317
2
25
35

answered Jun 04 '20 at 08:56

FZZF

17
1

score 0 · Answer 12 · answered Feb 23 '22 at 15:36

Just to add more info about this error, I had the similar error on CentOS 8.2:

sudo journalctl -xe

Error: Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:8081

So, I used the commands from Abdull and Ulrich-Lorenz Schlüter as a follow:

Install semanage tools for CentOS 8.2: sudo yum -y install policycoreutils-python-utils (For more info: https://www.cyberciti.biz/faq/redhat-install-semanage-selinux-command-rpm )
Allow port 8081 for httpd: sudo semanage port -a -t http_port_t -p tcp 8081

I got the following output: ValueError: Port tcp/8081 already defined

So, I ran:

sudo semanage port -m -t http_port_t -p tcp 8081

As Ulrich-Lorenz Schlüter mentioned.

Then: sudo systemctl start httpd

Now it is working fine.

Dawid Pura · Answer 13 · 2023-02-17T10:38:58.127

The actual solution here is to modify the existing port if it exists. For instance, when:

semanage port -a -t http_port_t -p tcp 88

ends up with:

ValueError: Port tcp/88 already defined

then it's very likely the port is having a different type, and to modify it, simply use:

semanage port -m -t http_port_t -p tcp 88

and then, you need to open that port via firewall-cmd if has been closed in your zone.

Also: disabling SELinux is a potential security vulnerability, don't do this on production instances!

score -1 · Answer 14 · answered May 24 '18 at 02:13

Start with root user or with sudo, it works fine, here is sample output:

[ec2-user@ip-172-31-12-164 ~]$ service httpd start
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
                                                           **[FAILED]**
[ec2-user@ip-172-31-12-164 ~]$ sudo service httpd start
Starting httpd:                                            [  OK  ]
[ec2-user@ip-172-31-12-164 ~]$ sudo service httpd status
httpd (pid  3077) is running...

score -5 · Answer 15 · edited Oct 12 '17 at 05:41

-5

First kill all the hanged instances of httpd, and then try restarting Apache:

service httpd restart

edited Oct 12 '17 at 05:41

clemens

16,716
11
50
65

answered Oct 12 '17 at 05:19

Deven

1

httpd Server not started: (13)Permission denied: make_sock: could not bind to address [::]:88

15 Answers15