Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Non-root user access to privileged ports-Solaris 8
Operating Systems Solaris Non-root user access to privileged ports-Solaris 8 Post 302342851 by naw_deepak on Tuesday 11th of August 2009 01:30:17 AM
Old 08-11-2009
The best practice is to use high end ports to run Tomcat. The reason behind this:

The easy access of >1024 ports are only possible with root accounts which will further create security concerns.

Thanks,
Deepak
 

10 More Discussions You Might Find Interesting

1. Cybersecurity

Allowing access to ports < 1024 w/o root

I need to set up an application to run in a script which will be running as a web server but is a database. I need to allow users to use the web server but the app must be run as root in order for the ports to be accessible. This is not a very secure environment would like to know how this could... (2 Replies)
Discussion started by: rpollard
2 Replies

2. UNIX for Advanced & Expert Users

Forgot the privileged access password in ibm pseries615c3

Hi friends, I am having ibm pseries615c3 server. previously i set privileged access password for the firmware. Now i forgot that password. Help me to reset or remove the firmware password from the server. Otherwise anyone plz help me how to change the default boot device in pseries servers. I... (8 Replies)
Discussion started by: muthulingaraja
8 Replies

3. HP-UX

user commands without root access

Hi I have been asked to find out how to 1) create users 2) reset passwords 3) kill processes that may require root privileges without having root password, sudo rights or rights to passwd command Any ideas? Thanks in advance (1 Reply)
Discussion started by: emealogistics
1 Replies

4. Solaris

I can not access root user through LAN

Dear i have installed Solaris 10 on SUN V240 after installation i can not access system through root user if i access system through any other user it conects but root is not connecting through LAN if i connect through SC and then access root though cosole -f command it also works kindly... (6 Replies)
Discussion started by: rizwan225
6 Replies

5. Shell Programming and Scripting

access user history as root

Hi, I need to access a user's command history. However, the dilemma is that he is logged in and so his current history is not yet flushed to .bash_history file which gets flushed when he logs out. Is there a way I can still access his most recent history? thank you, S (4 Replies)
Discussion started by: sardare
4 Replies

6. UNIX for Dummies Questions & Answers

How to allow access to some commands having root privleges to be run bu non root user

hi i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies

7. Linux

nix User Access Restrictions to Network, USB ports, PCMCIA, CDROM

How to create a user account on a Linux desktop machine with restrictions on connecting to the LAN, WAN, PCMCIA ports, Firewire, CDROM and generally any user controllable output options? I have the task to set up a machine for users working with sensitive data that should not be leaving the... (1 Reply)
Discussion started by: netfreighter
1 Replies

8. Shell Programming and Scripting

How to give root access to non root user?

Currently in my system Red Hat is installed. And Many user connect to my machine via SSH Techia Terminal. I want to give some users a root level access. Can anyone please help me how to make it possible. I too searched on the Google but didn't find the correct way Regards ADI (4 Replies)
Discussion started by: adisky123
4 Replies

9. AIX

How to check that rpcbind/portmap on AIX allowes updates from non privileged ports?

Hi, I am trying to implement a service on AIX based on ONCRPC protocal and I want to use a RPC library called oncrpc4j because it is a non-blocked i/o library. I found it works fine on my work machine (WIndows 7) but failed on my AIX work station. The author of oncrpc4j told me that check that... (1 Reply)
Discussion started by: derekhsu
1 Replies

10. Solaris

Sudo access of rm to non-root user

Hello, It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only. This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file. Is it possible to give... (9 Replies)
Discussion started by: solaris_1977
9 Replies

LEARN ABOUT OPENDARWIN

mach_init

MACH_INIT(8)						    BSD System Manager's Manual 					      MACH_INIT(8)

NAME

     mach_init -- Mach service naming (bootstrap) daemon

SYNOPSIS

     mach_init [-D] [-d] [-F] [-r name-in-existing-server]

DESCRIPTION

     mach_init is a daemon that maintains various mappings between service names and the Mach ports that provide access to those services.
     Clients of mach_init can register and lookup services, create new mapping subsets, and associate services with declared servers.  The
     mach_init daemon will also be responsible for launching (and/or re-launching) those service providing servers when attempts to use one or
     more of the associated services is detected.

     The options are as follows:

     -D      When the -D option is specified, mach_init starts in normal (non-debug) mode.  Logging is minimal (only security-related and process
	     launch failures are logged).  Core dumps are disabled for launched servers.  This is the default.

     -d      When the -d option is specified, mach_init starts in debug mode. Logging is extensive.  Core dumps will be taken for any launched
	     servers that crash.

     -F      When the -F option is specified, mach_init forks during initialization so that it doesn't have to be put in the background manually
	     by the caller.

     -r      Using the -r option tells mach_init to register itself in a previously running copy of mach_init under the service name
	     name-in-existing-server. This is most useful when debugging new instances of mach_init itself, but can also be used for robustness or
	     to allow the subsequent mach_init processes to run as a non-root user.  As mach_init is often used to launch servers, this could be
	     more secure.  However, mach_init will not allow a server declaration to specify a user id different than that of the requesting
	     client (unless the client is running as root).  So it shouldn't be required for a secure configuration.

     Access to mach_init is provided through the bootstrap series of RPC APIs over service ports published by mach_init itself. Each Mach task has
     an assigned bootstrap port retrieved via task_get_bootstrap_port().  These bootstrap port registrations are inherited across fork().

     The service registrations are grouped into subsets, providing a level of security. Only processes with access to the subset's bootstrap port
     will be able to register/lookup Mach ports within that subset.  Lookups from within a subset will search the subset first, then move on to
     its parent, and then its grand-parent, etc... until a string name match is found or the top of the bootstrap tree is reached.  Subsets are
     sometimes associated with login sessions to protect session-specific ports from being exposed outside the session.

     The first instance of mach_init is responsible for launching the traditional BSD process control initialization daemon (/sbin/init).

SAMPLE USAGE

     mach_init -d -r com.company.bootstrap

     mach_init will start in debug mode, and register itself in an already running instance of mach_init under the service name com.company.boot-
     strap.

NOTE

     Sending a SIGHUP to a running mach_init will toggle debug mode.

SEE ALSO

     init(8)

Mac OS X							  March 20, 2002							  Mac OS X
All times are GMT -4. The time now is 02:00 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy