Re: allowing ordinary users to open privileged ports

From: Casper Dik (casper_at_holland.sun.com)
Date: 09/06/04

  • Next message: Kapetanakis Giannis: "Re: allowing ordinary users to open privileged ports"
    To: Kapetanakis Giannis <bilias@edu.physics.uoc.gr>
    Date: Mon, 06 Sep 2004 14:02:46 +0200
    
    

    >On Sat, 4 Sep 2004, Casper Dik wrote:
    >
    >> In Solaris 9 and before it is not possible to achieve this other than
    >> by running applications as root.
    >>
    >> In Solaris 10, you can give users the net_privaddr privilege
    >> which allows them to bind to privilege ports.
    >>
    >> Of course, this means that no part of the infrastructure should
    >> depend on reserved port based "authentication".
    >>
    >> (I.e., no .rhosts file authentication; no "auth_sys" NFS, etc.)
    >>
    >> Casper
    >
    >Just one question, by giving the net_privaddr privilege you allow
    >all low ports to the specific user, or is there a way to assign a set
    >of ports only?

    It's all or nothing; I agree it would be nice to have some other
    form of access control on specific ports.

    (For those of you suggesting the use of "ndd": ndd does not allow
    you to lower the lowest reserved port number)

    Casper


  • Next message: Kapetanakis Giannis: "Re: allowing ordinary users to open privileged ports"