Tux

...making Linux just a little more fun!

Privileged Port Access for Users

Britto I [britto_can at yahoo.com]


Wed, 10 Sep 2008 07:12:53 -0700 (PDT)

Folks

For some reason i want one my service should use the port < 1024

It says access denied for the users other than root. Can we have any workaround for this

-- 
Britto


Top    Back


Joey Prestia [joey at linuxamd.com]


Wed, 10 Sep 2008 07:51:25 -0700

Britto I wrote:

> Folks
> 
> For some reason i want one my service should use the port < 1024
> 
> It says access denied for the users other than root. Can we have any
> workaround for this
> 
> --
> Britto
> 

Britto,

Can you be more descriptive in your question? Try giving us information on what service your referring to what distro (Red Hat, Debian, Slackware) what version of the software your running. Did you do a package install or build the software from source? Stuff like that is very important for the people to know if you want help. Give as many details as you can possibly provide. The people on this list are very knowledgeable and can help but not if you don't help them by telling more about what the specifics are in regards to your problem.

Best,

-- 
Joey Prestia
L. G. Mirror Coordinator
http://linuxamd.com
Main Site http://linuxgazette.net


Top    Back


Thomas Adam [thomas.adam22 at gmail.com]


Wed, 10 Sep 2008 15:54:14 +0100

Hi --

2008/9/10 Britto I <[email protected]>:

> Folks
>
> For some reason i want one my service should use the port < 1024

Right -- so configure your warez^H^H^Hservice to listen on this port then.

> It says access denied for the users other than root. Can we have any
> workaround for this

Nope, since you've provided absolutely no information on what the service is.

-- Thomas Adam


Top    Back


Britto I [britto_can at yahoo.com]


Wed, 10 Sep 2008 08:20:31 -0700 (PDT)

Thanks Thomas and Joey.

The Operating system what i am using is Centos 5.2

We have our own java based software which is configured to use the port < 1024 for some testing.when i try to start running my process

I see the java exception which says ":: java.net.BindException: Permission denied"

As a root i could start and use without any issue

-- 
br


Top    Back


Jim Jackson [jj at franjam.org.uk]


Wed, 10 Sep 2008 19:30:59 +0100 (BST)

On Wed, 10 Sep 2008, Britto I wrote:

> Thanks Thomas and Joey.
>
> The Operating system what i am using is Centos 5.2
>
> We have our own java based software which is configured to use the port < 
> 1024 for some testing.when i try to start running my process
>
> I see the java exception which says ":: java.net.BindException: 
> Permission denied"
>
> As a root i could start and use without any issue

It is a common "security" feature to only allow root to use ports < 1024

There are a couple of solutions. Use an internet service launcher, like inetd or xinetd, to listen on the port and launch your application. I think xinetd can launch your application to run as a non-root user. However you'd have to alter you appl. to use stdin and stdout files instead of handling the sockets directly (actually this makes creating an itnernet application trivial - you don't need to understand sockets :-)

Alternatively make your application setuid root (see man chmod), so that when it is executed it starts as root, so it can listen on the priveleged port, then it can make a system call to stop being root and alter to a normal user - the C lib function is setuid.

I'm sure you could do a google code search for some example code.

cheers Jim


Top    Back


Ben Okopnik [ben at linuxgazette.net]


Wed, 10 Sep 2008 14:57:20 -0400

On Wed, Sep 10, 2008 at 07:12:53AM -0700, Britto I wrote:

>    Folks
> 
>    For some reason i want one my service should use the port < 1024
> 
>    It says access denied for the users other than root. Can we have any
>    workaround for this

Maybe. Depends on what you're doing. You could, for example, start a server on a low port as root and then drop the privileges of the server process - this is a common (and smart, if done right) tactic.

-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *


Top    Back