Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to allow nonroot user to bind to port 80
Operating Systems Solaris How to allow nonroot user to bind to port 80 Post 76979 by 98_1LE on Friday 1st of July 2005 08:57:37 PM
Old 07-01-2005
It is 8.1 SP2
 

9 More Discussions You Might Find Interesting

1. Linux

Unblock port 80 for none root user

Hi all, I am running an oracle application server but the problem is that the default port it is using is 7777 and if i want to make it port 80 i have to run the server as root which something i do not want to do. If i understand well to run on a port under 1024 the application needs root... (1 Reply)
Discussion started by: staind_art
1 Replies

2. Linux

resticting user to login using putty on port 21(ftp)

Hi, I am having small query and wheather it is possible ? that user can transfer the files using ftp client examples (filezilla) , but he can not use putty to login using ftp and run the commands, Regards, Manoj (2 Replies)
Discussion started by: manoj.solaris
2 Replies

3. Shell Programming and Scripting

Python: Bind to port 80 as root, then drop privileges?

I have written a small web server in Python, and now I would like to run it on port 80, but in order to be able to bind to a port below 1024 I need to have root privileges. I don't want to run the server as root, though. How can I bind to port 80 as root and then drop root privileges? Thankful... (0 Replies)
Discussion started by: Ilja
0 Replies

4. UNIX for Dummies Questions & Answers

permission to bind a socket to port 843?

I have written a flash socket security file server in PHP. The basic idea is that when Flash Player connects via socket to a server, the first thing it does is connect to port 843 and send a request for a 'socket policy file' by sending the string <policy-file-request/>. The problem I have is... (5 Replies)
Discussion started by: sneakyimp
5 Replies

5. Linux

How do I run HTTP server on port 80 using a non root user?

Hi experts, I want to run HTTP server on port 80, I learn from somewhere that it MUST not be run as root for security reason, how to do that? Thank you in advance! (14 Replies)
Discussion started by: kevintse
14 Replies

6. Solaris

How to enable Serial port on ILOM, when Network Port is enabled in parallel

Hi Everyone, In my environment, I have few T5220. On the iLOM Management Card, I have both Network and Serial port are cabled, I don't have any issues while I try to connect using Network Management port, but when I try to connect the serial port for the same server which is actually connected... (3 Replies)
Discussion started by: bobby320
3 Replies

7. Emergency UNIX and Linux Support

Script to check if user can bind, then output to file

Hi, I've been trying to find the answer with no luck. I'm hoping someone can help me. Here's what I need to do: Run a KSH script that will check: 1. Server (Client) Type (AIX 5.3, 6.1, SUSE, and HP-UX are the possibilities). 2. LDAP.cfg is configured correctly and the ldap client... (3 Replies)
Discussion started by: tekster2
3 Replies

8. Solaris

Cabling and adapters to communicate to service processor serial port from Windows PC with USB port.

Hello, I have an unloaded T5140 machine and want to access the ILOM for the first time and subsequently the network port after that., and then load Solaris 10 the final January 2011 build. The first part is what confuses me -the cabling. I am coming from a Windows machine (w/appropriate... (5 Replies)
Discussion started by: joboy
5 Replies

9. Solaris

How to find port number wwn of particular port on dual port HBA,?

please find the below o/p for your reference bash-3.00# fcinfo hba-port HBA Port WWN: 21000024ff295a34 OS Device Name: /dev/cfg/c2 Manufacturer: QLogic Corp. Model: 375-3356-02 Firmware Version: 05.03.02 FCode/BIOS Version: BIOS: 2.02; fcode: 2.01;... (3 Replies)
Discussion started by: sb200
3 Replies

LEARN ABOUT DEBIAN

privbind

privbind(1)															       privbind(1)

NAME

       privbind - allow an unprivileged application to bind with reserved ports.

SYNOPSIS

       privbind -u user [ -g group] [ -n num] [ -l path] command [ arguments ... ]

DESCRIPTION

       Normally  in Linux, only a superuser process can bind an Internet domain socket with a reserved port (port numbers less than 1024). Accord-
       ingly, server processes are typically run with superuser privileges, which can be dropped after binding the reserved port.

       privbind can execute an application as an unprivileged user with just one extra privilege: it can bind to reserved ports.

       privbind is useful in several situations. It can be used when the application is not trusted enough; It can be  used  when  the	server	is
       written	in a language without the setuid(2) feature (e.g., Java(TM)); It can also be used to run applications which don't manipulate their
       own user id and need to be able to bind to a reserved port without needing any other root privileges.

OPTIONS

       -u     The -u option is mandatory, and specifies under which user to run the given command.  The user can be specified using either a user-
	      name or a numeric user id.  It should be an unprivileged (non-root) user.

       -g     Specifies  the  group to switch to when running the given command. If this option is missing, then the given user's default group is
	      used.

       -n     privbind's default behaviour is to allow the application to call bind(2) with reserved ports an unlimited number of times. In  order
	      to do that (see "HOW IT WORKS" below), the privbind helper process needs to wait for the application to exit before it terminates.

	      The  -n num option tells privbind that it can assume that only num binds need to be given elevated privileges.  After this number of
	      bind(2) calls have been executed, privbind's helper process will exit, leaving behind only the unprivileged application running.

       -l     Mostly for internal use during build. Gives the explicit path to the LD_PRELOAD library.

       -h     Shows a short help screen, and exits.

EXIT STATUS

       Using technical jargon, privbind execs command as its main process, running itself in the background  (as  a  child  of	the  application's
       process).  The  practical upshot of this, in layman's terms, is that the user never sees privbind's exit status. When running privbind, the
       process will exit whenever, and with whatever exit status, command does.

       The above point should be particularly noted when using privbind to run daemons.

SECURITY CONSIDERATIONS

       privbind has no SUID parts, and runs within the confines of a single process.  This serves to minimize the security implications  of  using
       it.  It	is  strongly  advised that privbind not be made SUID, as this would allow any user that can run it to run any process as any other
       (non-root) user. At the moment privbind detects such a situation and warns about it, but will continue with the execution.

HOW IT WORKS

       In a nutshell, privbind works by starting two processes. One drops privileges and runs (exec(2)) the command, the other	remains  as  root.
       Privbind makes sure to keep a unix domain socket connecting the two processes.

       Privbind  uses  LD_PRELOAD  to intercept every call to bind(2) made by the program. Calls that can be completed non-privileged are done so.
       Calls that require root privileges are forwarded to the root process, that carry them out on the program's behalf.

       A more detailed explanation is available in the README file.

BUGS

       privbind currently uses "SOCK_SEQPACKET" for communication between privileged and non-privileged processes. This socket type is only imple-
       mented on Linux kernel 2.6.4 and later, which makes privbind none portable to older Linux kernels and many other non-Linux platforms.

VERSION

       The version of privbind described by this manual page is 1.0 (June 12, 2007)

COPYRIGHT

       Copyright (C) 2006-2007, Shachar Shemesh plus others. See the AUTHORS file.

       privbind was written by Shachar Shemesh, with contributions from Amos Shapira and Nadav Har'El.

       privbind  is  free  software, released under the GNU General Public License (GPL).  See the COPYING file for more information and the exact
       license terms.

       The latest version of this software can be found in

	   http://sourceforge.net/projects/privbind

       Java is a registered trademark of Sun Microsystems.

SEE ALSO

       su(1), sudo(8), capabilities(7), bind(2), setuid(2), ld.so(8), unix(7)

Privbind 0.1							    22 May 2007 						       privbind(1)
All times are GMT -4. The time now is 02:14 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy