Re: allow process or user to listen on priviledged ports?
From: Sven Köhler
Date: Thu Dec 25 2003 - 07:36:14 EST
I would give your application this capability (from #include "linux/capability.h")
/* Allows binding to TCP/UDP sockets below 1024 */
/* Allows binding to ATM VCIs below 32 */
#define CAP_NET_BIND_SERVICE 10
You do this with a setuid wrapper which drops all capabilities but
that one and then runs your application.
Thx for the answer! That's exactly what i search for.
I will try to write such a program. It seems that sucap keeps all
capabilities and drops none. Depending on the other capabilities, that
could be a bad idea.
Thx
Sven
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/