What is the standard way to work with applications that require access to privileged ports <1024?

I recently discovered the need to elevate the application to a higher privilege level so that it can bind() to a port <1024.

I ran it with sudo, which is great for internal testing, but deploying it with root privileges is usually a very bad idea.

I heard about setuid-root servers, but when I looked at the source code for lighttpd, for example, it shows:

    #ifdef HAVE_GETUID
        if (!i_am_root && issetugid()) {
            /* we are setuid-root */
            log_error_write(srv, __FILE__, __LINE__, "s",
                    "Are you nuts ? Don't apply a SUID bit to this binary");
            server_free(srv);
            return -1;
        }
    #endif

What is the common way to allow privileged port binding? I only need a higher privilege for bind. After that, it can run as a regular user.

These are the ones I’ve heard of, but they are not what most software uses, so I am asking this question.

  • setuid-root
  • setcap
+4
1 answer

You can assign the CAP_NET_BIND_SERVICE capability to the binary file, or run as root to obtain the port and then immediately drop privileges.

+2