Non-root processes using registered ports

Reinhard Tartler siretart at tauware.de
Thu Mar 9 08:30:18 UTC 2006


Billy Verreynne (JW) wrote:
> The registered port range (0-1024) can only be used (as services) by
> root processes. I would like a non-root process to use a specific port
> (we're doing some custom SNMP stuff).

This is by design. Only root processes can bind to ports <1024. Most
daemons which do so start as root, bind to that socket, and drop
privileges afterwards.

> I want to do this without resorting to something like recompiling the
> kernel. Any ideas on how to properly do this - or to hack it in a not
> too dirty fashion?

If you are really after security, it may be worth looking into
SELinux (maybe AppArmor as well, but I haven't looked at that yet).
Both are kernel patches though.

Greetings,
	Reinhard





