Re: allowing ordinary users to open privileged ports
From: Casper Dik (casper_at_holland.sun.com)
To: Kapetanakis Giannis <email@example.com> Date: Mon, 06 Sep 2004 14:02:46 +0200
>On Sat, 4 Sep 2004, Casper Dik wrote:
>> In Solaris 9 and before it is not possible to achieve this other than
>> by running applications as root.
>> In Solaris 10, you can give users the net_privaddr privilege
>> which allows them to bind to privilege ports.
>> Of course, this means that no part of the infrastructure should
>> depend on reserved port based "authentication".
>> (I.e., no .rhosts file authentication; no "auth_sys" NFS, etc.)
>Just one question, by giving the net_privaddr privilege you allow
>all low ports to the specific user, or is there a way to assign a set
>of ports only?
It's all or nothing; I agree it would be nice to have some other
form of access control on specific ports.
(For those of you suggesting the use of "ndd": ndd does not allow
you to lower the lowest reserved port number)