Non-root listening at port < 1024
Steve G
linux_4ever at yahoo.com
Mon Nov 15 15:16:39 UTC 2004
>Does selinux make it possible to run a non-root program and let that
>program bind to a port < 1024? (Something which I've long missed in Linux)
Not that I know of. SE Linux adds more restriction on top of those already in
place by the OS. The OS will not let you bind to a port < 1024. Most applications
that need to do this start as root and then change uid after securing privileged
resources. You might also look at xinetd as a way to start an application without
needing root. (You'll need root to edit xinetd's config and the app will need to
be inetd aware.)
Hope this helps...
-Steve Grubb
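
The start-as-root, bind, then change-uid pattern mentioned in the reply, as an added example that is not part of the original message. Port 80 and uid/gid 65534 ("nobody") are assumptions chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes setgroups() under strict -std= modes */
#endif
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns a listening TCP socket on the given port, or -1 on error. */
int bind_listen(unsigned short port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0), on = 1;
    struct sockaddr_in sa = {0};
    if (fd < 0) return -1;
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently switch to uid/gid. Order matters: supplementary groups and gid
 * are changed while still root, uid last. Returns 0 on success, -1 on error. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0) { errno = EINVAL; return -1; }   /* uid 0 is not a drop */
    if (geteuid() == 0 && setgroups(0, NULL) < 0) return -1; /* clear root's groups */
    if (setgid(gid) < 0 || setuid(uid) < 0) return -1;
    /* Verify the drop cannot be undone: regaining root must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0) { errno = EPERM; return -1; }
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

int main(void) {
    const uid_t run_uid = 65534; const gid_t run_gid = 65534; /* assumed "nobody" */
    int fd = bind_listen(80);    /* privileged step: port < 1024 needs root */
    if (fd < 0) { perror("bind_listen"); return 1; }
    if (drop_privileges(run_uid, run_gid) < 0) { perror("drop_privileges"); return 1; }
    printf("listening on port 80 as uid %d\n", (int)getuid());
    int c = accept(fd, NULL, NULL); /* the bound socket survives the uid change */
    if (c >= 0) { if (write(c, "hello\n", 6) < 0) perror("write"); close(c); }
    close(fd);
    return 0;
}
```

Every return value in the drop sequence is checked, and the function confirms that root cannot be regained; a failed or skipped setuid() would otherwise leave the listener running as root.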
More information about the fedora-selinux-list
mailing list