Re: allowing ordinary users to open privileged ports
From: Casper Dik (casper_at_holland.sun.com)
To: email@example.com Date: Sat, 04 Sep 2004 16:08:59 +0200
> Has anyone in the list successfully tried allowing ordinary
>users to open privileged (< 1024) ports? We have a solaris 8 on sparc
>machine running an (java) application that normally uses ports > 1024;
>however a client requested the application to use privileged ports
> This resulted in the application failing to start as the port
>that the application was trying to bind to was < 1024. I've looked for
>methods/workarounds to allow this but have so far come up empty.
In Solaris 9 and before it is not possible to achieve this other than
by running applications as root.
In Solaris 10, you can give users the net_privaddr privilege
which allows them to bind to privilege ports.
Of course, this means that no part of the infrastructure should
depend on reserved port based "authentication".
(I.e., no .rhosts file authentication; no "auth_sys" NFS, etc.)