Re: Bind permissions

Chris Evans (
Tue, 25 Feb 1997 18:05:02 +0000 (GMT)

On Tue, 25 Feb 1997, BuckshoT wrote:

> Where do I set permissions for the bind command?
> Right now, only root can bind to ports below 1024. Is there a way to let
> another user (without giving them root permissions) bind to a port below
> 1024???
> Thanks in advance...

This is an idea I played with a little while ago, based upon an idea seen
on the kernel wish list home page... in the context of hopefully reducing
the amount of suid programs and/or programs run as root (dump, rcp,
rlogin, lpd, etc).

There are two approaches...

1) POSIX.6 (or whatever the newer, proper name is). A promising idea but
whoever was working on it hasn't said much recently....?

2) A table of owners for each port under 1024, maintained in kernel space
and settable with new calls/ioctls/etc. At boot-time a program can run and
set, eg, port 25 owned by sendmail, 80 by httpd... etc.. etc.. amount of
things running as root drops drastically.

Option 2 would actually be trivial to implement once the API for
getting/setting port ownerships was decided, but isn't really standard so
would it get into the kernel proper??