Re: allowing ordinary users to open privileged ports
From: Casper *** (casper_at_holland.sun.com)
Date: 09/06/04
- Previous message: Jason: "Re: allowing ordinary users to open privileged ports"
- Maybe in reply to: randy calma repasa: "allowing ordinary users to open privileged ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Kapetanakis Giannis <bilias@edu.physics.uoc.gr> Date: Mon, 06 Sep 2004 14:02:46 +0200
>On Sat, 4 Sep 2004, Casper *** wrote:
>
>> In Solaris 9 and before it is not possible to achieve this other than
>> by running applications as root.
>>
>> In Solaris 10, you can give users the net_privaddr privilege
>> which allows them to bind to privilege ports.
>>
>> Of course, this means that no part of the infrastructure should
>> depend on reserved port based "authentication".
>>
>> (I.e., no .rhosts file authentication; no "auth_sys" NFS, etc.)
>>
>> Casper
>
>Just one question, by giving the net_privaddr privilege you allow
>all low ports to the specific user, or is there a way to assign a set
>of ports only?
It's all or nothing; I agree it would be nice to have some other
form of access control on specific ports.
(For those of you suggesting the use of "ndd": ndd does not allow
you to lower the lowest reserved port number)
Casper
- Previous message: Jason: "Re: allowing ordinary users to open privileged ports"
- Maybe in reply to: randy calma repasa: "allowing ordinary users to open privileged ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
