dxuranus
2006-Jul-06 00:56 UTC
[CentOS] [Fwd: How to listen port under 1024 with non-root user]
I made a simple mail program which needs to listen on ports 25 and 110, but I found it's impossible. After searching with Google I found that a non-root user can't listen on ports under 1024. At first I tried a script (which launches my program) and used setuid, but that still didn't work. Is there any way to handle this?

Thanks for any help.
Jason Bradley Nance
2006-Jul-06 01:06 UTC
[CentOS] [Fwd: How to listen port under 1024 with non-root user]
> At first I tried a script (which launches my
> program) and used setuid, but that still didn't work.

You can't suid bash scripts. It's a security feature. Your other options would be to write a wrapper in something such as C or Perl to change what user the script runs as.

j

--
Jason Bradley Nance
aitrus at tresgeek.net
Tres Geek
http://tresgeek.net/

What would you cry for?
Swallow your pride for?
What would you go wild for?
  -Poe, "Wild"
Rodrigo Barbosa
2006-Jul-06 01:07 UTC
[CentOS] [Fwd: How to listen port under 1024 with non-root user]
On Thu, Jul 06, 2006 at 08:56:17AM +0800, dxuranus wrote:
> I made a simple mail program which needs to listen on ports 25 and 110, but I
> found it's impossible. After searching with Google I found that a non-root user
> can't listen on ports under 1024. At first I tried a script (which launches my
> program) and used setuid, but that still didn't work. Is there any way to handle
> this?
> Thanks for any help.

Yes, that is correct. It is impossible, on the Unix model, for a non-root program to listen to a privileged port (<1024).

The best solution is for the program to start as root, bind to the port, then lower its privileges using the setuid() family of functions. I particularly enjoy setreuid().

--
Rodrigo Barbosa
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
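Added example (not part of the thread and not Rodrigo Barbosa's code): the start-as-root, bind, then drop privileges sequence described in the message above, written in C with setreuid(). The helper names bind_listener and drop_privileges and the account id 65534 are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes setgroups() and setreuid() in glibc */
#endif
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Create a TCP listener on `port`; returns the socket or -1. Needs root for <1024. */
int bind_listener(unsigned short port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0), on = 1;
    struct sockaddr_in addr;
    if (fd < 0) return -1;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(port);
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) != 0 || listen(fd, 16) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Switch to uid/gid permanently: groups first, then gid, then uid. Returns 0 or -1. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1; /* shed root's groups */
    if (setregid(gid, gid) != 0) return -1;    /* must happen before the uid change */
    if (setreuid(uid, uid) != 0) return -1;    /* as root this also resets the saved uid */
    if (uid != 0 && setuid(0) == 0) return -1; /* root must not be recoverable */
    return 0;
}

int main(void) {
    /* Assumption: 65534 is the unprivileged "nobody" account on this system. */
    const uid_t service_uid = 65534;
    const gid_t service_gid = 65534;
    int smtp = bind_listener(25);              /* only this step needs root */
    if (smtp < 0) { perror("bind port 25"); return 1; }
    if (drop_privileges(service_uid, service_gid) != 0) { perror("drop"); return 1; }
    printf("listening on 25 as uid %d\n", (int)getuid());
    /* the accept() loop runs from here on without root */
    close(smtp);
    return 0;
}
```

The listening socket stays open across the uid change, so only the bind itself runs with root privileges.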
bryan davis
2006-Jul-06 04:25 UTC
[CentOS] [Fwd: How to listen port under 1024 with non-root user]
You can also use iptables to redirect the packets:

    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -d <your ip> --dport 25 -j REDIRECT --to-ports <high port your script listens on>

I've used this for Java programs in the past.