[Koha] Any downside of running Koha's z39.50 service on port 210?

Galen Charlton gmc at esilibrary.com
Sat Apr 16 02:14:14 NZST 2016


Hi,

On Thu, Apr 14, 2016 at 5:55 PM, Indranil Das Gupta <indradg at gmail.com> wrote:
> Now 210 tcp/udp is earmarked for z3950.
>
> Question: with a package based install is there any possible downside
> (especially security wise) to run on port 210? Anything that I should
> particularly look out for?

Since by default, only root can bind to ports less than 1024, the
stock koha-start-zebra won't let you do it, as it changes user to the
Koha instance user before starting zebrasrv.  However, there are
several ways around this:

- use iptables to forward port 210 to zebrasrv
- run metaproxy or yazproxy to listen on port 210 and pass queries on
to zebrasrv; if you expect that the Z39.50 target will be heavily
used, this approach can also save system resources, as metaproxy can
cache query results.
- use capabilities and grant zebrasrv an exception so that it can bind
on a privileged port
- just use a non-privileged port; I don't know of any Z39.50 clients
that don't let the user specify a non-default port.

Regards,

Galen
-- 
Galen Charlton
Infrastructure and Added Services Manager
Equinox Software, Inc. / Open Your Library
email:  gmc at esilibrary.com
direct: +1 770-709-5581
cell:   +1 404-984-4366
skype:  gmcharlt
web:    http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org &
http://evergreen-ils.org


More information about the Koha mailing list