?
Solved

How to open ports below 1024 as a user (Redirect maybe)

Posted on 2004-11-22
8
Medium Priority
?
865 Views
Last Modified: 2013-11-15
Hello,

My problem is with Slackware Linux. I need to start a tunneling server written in java, but I cannot use port 443, because I have no root permissions. However the proxy I need to bypass only allows connect to 443. So is there any way for me as a user to start my server on this port or to redirect this port to so higher and listen there. I could ask the admin to do something, so if it's the only way, I would appreciate such solution also. Thank you!
0
Comment
Question by:avok
  • 4
  • 3
8 Comments
 
LVL 5

Expert Comment

by:paranoidcookie
ID: 12653020
Users dont have access to the privilaged ports below 1024 for very good security reasons. I suggest you talk to your admin, he/she might take offence if you start effectivly hacking the network to access the privilaged ports.
0
 

Author Comment

by:avok
ID: 12656225
I'm not going to argue about how good these security reasons are. If you must know he/she does not care much to help me configure my servers. So I am trying to do it myself. As I mentioned I would be glad to hear for something that the admin must do himself. But I need to tell him what to do exactly. If you are now satisfied with my moral, could you please answer something on the topic?
0
 
LVL 13

Expert Comment

by:Caseybea
ID: 12657113
Opening up a server on a privileged port requires root access.     The short answer to this question is "yes, only the system administrator can do this".

I also suspect your sysadmin will not give you the root password.

I do, however, have a USEFUL alternative that you and your sysadmin might wish to consider:

There is a really great workaround- a nifty tool called "sudo".   it stands for SUPER USER DO.   It allows regular users to do "root level" commands.    For example, let's say that you want the ability to stop and start the apache webserver on that box.   You don't want to have to keep bothering the system administrator.   With sudo, you both can have the best of both worlds.   He doesn't have to give you the root account, and you can do your ONE (or two, or three....) root-level commands.  And ONLY those commands.

This will, of course, require cooperation from your sysadmin to install this initially, and configure the specific commands s/he wants to allow you to do.  

This is where you obtain the code and documentation:  http://www.courtesan.com/sudo/

We use it in our organization a lot.
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
LVL 5

Expert Comment

by:paranoidcookie
ID: 12657194
Alternativly you can get the sysadmin to setuid ou binary chmod + s which will give it root priv when it runs.
0
 

Author Comment

by:avok
ID: 12662841
paranoidcookie could you clarify the last one a little bit? What command needs to be executed on what? I don't have much experience in UNIX.
0
 
LVL 5

Accepted Solution

by:
paranoidcookie earned 1000 total points
ID: 12662929
Basicall binaries (programs) have permission read write execute normally however there are special permissions that allow programs to run are root. Its used on tools like ping (which uses a privilaged port but can be run by a user).

In order to change permissions you use a program called chmod

To make a program setuid run

chmod +s program name

Hope that explains things a little better
0
 

Author Comment

by:avok
ID: 12663185
OK, I understand now. The user who sets the s bits is allowing execution of the script with his privileges. But that means that I could later modify that script and do anything that the root could do. Maybe he can deny write access to that script after setting suid.
0
 
LVL 5

Expert Comment

by:paranoidcookie
ID: 12663551
Yes I would also recommend restricting the permissions so only local users (or just you) can see it as setuid is very dangerous
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have written articles previously comparing SARDU and YUMI.  I also included a couple of lines about Easy2boot (easy2boot.com).  I have now been using, and enjoying easy2boot as my sole multiboot utility for some years and realize that it deserves …
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question