Re: allowing ordinary users to open privileged ports

From: David Meissner (dmeissner_at_jetcity.com)
Date: 09/06/04

    Date: Sun, 05 Sep 2004 20:58:52 -0700
    To: <rrepasa@ekonek.com>, <focus-sun@securityfocus.com>
    
    

    As far as I know there is no way to allow a regular user to open a port <
    1024. The request from the client doesn't make a lot of sense - perhaps it
    could be explained to the client that it is more secure to run the Java
    application on a non-privileged port. Or the application could be recoded
    to do something like what the Apache web server does - start as root to
    bind to the port, then switch to a non-root user. I have no idea if that is
    possible for a Java app.

    Or, maybe sudo could be used to allow a regular user to start the
    application - in this case though, the application would still be running
    as root.

    -David Meissner

    At 10:40 PM 9/2/2004 +0800, randy calma repasa wrote:
    >Hello all,
    >
    > Has anyone in the list successfully tried allowing ordinary
    >users to open privileged (< 1024) ports? We have a Solaris 8 on SPARC
    >machine running a (Java) application that normally uses ports > 1024;
    >however a client requested the application to use privileged ports
    >instead.
    >
    > This resulted in the application failing to start as the port
    >that the application was trying to bind to was < 1024. I've looked for
    >methods/workarounds to allow this but have so far come up empty.
    >
    > I would appreciate any experiences or links that the list could
    >point me to.
    >
    > Thank you very much and best regards.
    >
    >Randy

