Solved

Non root user open ports below 1024

Posted on 2004-09-14
8
770 Views
Last Modified: 2013-12-27
Is it possible to allow a non root user permissions to open ports below 1024. I am trying to run an application that needs to listen on port 162 for SNMP traps but if the app is started as a non root user the app doesnt start. If I start is a root it runs okay. Any ideas?
0
Comment
Question by:pmg2004
8 Comments
 
LVL 48

Expert Comment

by:Tintin
ID: 12059644
Is the application something you have control of?

It's common to have process that listens to a privileged port is started as root and then forks off a process as a non priviledged user.
0
 

Author Comment

by:pmg2004
ID: 12059728
The port is actually being opened by a WebLogic startup class, and we are trying to avoid running WebLogic as root. Is it possible to grant permission to the user that starts WebLogic to open port 162?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12059984
> Is it possible to grant permission to the user that starts WebLogic to open port 162?

No. To open a port less than 1024 root privs are required. Of course that doesn't mean that the user must be root since you could make the task suid to root on execution.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 14

Expert Comment

by:chris_calabrese
ID: 12069593
Umm, just because it is possible to create an SNMP agent under WebSphere doesn't mean that it is a good idea....
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12130310
simple question, simple answer: NO.
0
 
LVL 2

Expert Comment

by:Matt_Avery
ID: 12248015
The canonical example of a process that listens on privileged ports as "root" and hands off the connections to other low-privilege processes is of course "inetd". If you can engineer your thingy to run under "inetd", you will avoid re-inventing the wheel.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 12393299
PAQed - no points refunded (of 125)

Computer101
E-E Admin
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now