Privileged ports and users

har3 · n00b Joined: 28 Apr 2004 Posts: 5

Hi all.

I need to run some services as a user on privileged ports (<1024).
How can I accomplish that.

Thanks.

nightblade · Posted: Thu Sep 23, 2004 9:44 am Post subject:

If you mean that a service on a privileged port must run with low privileges, just drop root privileges after the service is started (apache does that, for instance). You should be able to accomplish this with setuid() and setgid() functions.

If you mean that a regular user must be able to start a service on a privileged port, I think you only need to set the suid bit of the program that launches that service, so that it will be launched by the user but it will run with root privileges.

Keep in mind that you are messing with limitations that are in place to secure your system, so be careful

_________________
In God we trust. All the others must provide a valid X.509 certificate

har3 · n00b Joined: 28 Apr 2004 Posts: 5

Thanks for your reply nightblade.

I'm trying to run eggdrop, so that its telnet part will listen on some privileged port (firewall issues).

nightblade · Posted: Thu Sep 23, 2004 1:42 pm Post subject:

what about getting eggdrop to listen on some non-privileged port, and then set an iptables rule to forward the traffic from a privileged port to the non-privileged one ? You would solve the problem making eggdrop run without root privileges, which I think is quite nice

_________________
In God we trust. All the others must provide a valid X.509 certificate

har3 · n00b Joined: 28 Apr 2004 Posts: 5

Great idea!

Got it working with some iptables trickery.

Thank you nightblade.

nightblade · Posted: Fri Sep 24, 2004 8:21 am Post subject:

Glad it was useful, mate !

_________________
In God we trust. All the others must provide a valid X.509 certificate