shanepresley

Low Ports run by non-root

Hello,

Currently Solaris requires that ports under 1024 be run only as root.  So that means our webserver has to be launched as root.  Yes, immediately after launching, Apache cloaks itself as another user.  Nice feature.

But still I am having some problems because I want non-root users to be able to bring up/down processes on port 80.  

I know using 'ndd /dev/tcp tcp_smallest_nonpriv_port' you can change it from 1024 to some lower port, like 80.  

But is it possible to open a single port for non-root access, like ONLY 80, but leave 81-1024 default?

Thanks
Shane
ahoffmann

> But is it possible to open a single port for non-root access, like ONLY 80, but leave 81-1024 default?
no, only the way for example apache does it.
PsiCop
You could employ a tool like sudo (http://www.courtesan.com/sudo/) to allow normally-unprivileged users to perform privileged actions, such as launching a process that binds to a privileged port.
shanepresley

ASKER

Actually I'm having trouble with  ndd -set /dev/tcp tcp_smallest_nonpriv_port #

It will let me set 1024 or higher, but won't let me do

ndd -set /dev/tcp tcp_smallest_nonpriv_port 80
operation failed, Invalid argument

Anyone know if on Solaris 8/9 you can change that value?

ASKER CERTIFIED SOLUTION
ahoffmann
SOLUTION
tcpwrapper (tcpd) called from inetd is such a program, see
  man portmap
  man inetd

if it has to be a daemon, see apache suggestion above ...