Re: allowing ordinary users to open privileged ports

From: Casper Dik (casper_at_holland.sun.com)
Date: 09/04/04

  • Next message: Jason: "Re: allowing ordinary users to open privileged ports"
    To: rrepasa@ekonek.com
    Date: Sat, 04 Sep 2004 16:08:59 +0200
    
    

    > Has anyone in the list successfully tried allowing ordinary
    >users to open privileged (< 1024) ports? We have a solaris 8 on sparc
    >machine running an (java) application that normally uses ports > 1024;
    >however a client requested the application to use privileged ports
    >instead.
    >
    > This resulted in the application failing to start as the port
    >that the application was trying to bind to was < 1024. I've looked for
    >methods/workarounds to allow this but have so far come up empty.

    In Solaris 9 and before it is not possible to achieve this other than
    by running applications as root.

    In Solaris 10, you can give users the net_privaddr privilege
    which allows them to bind to privilege ports.

    Of course, this means that no part of the infrastructure should
    depend on reserved port based "authentication".

    (I.e., no .rhosts file authentication; no "auth_sys" NFS, etc.)

    Casper


  • Next message: Jason: "Re: allowing ordinary users to open privileged ports"

    Relevant Pages