allow a application on port UDP/162 as non root

sun.jedi sun.jedi at gmail.com
Thu Aug 6 15:02:07 UTC 2009


Have you looked at sudo to start the app?

-Marc

On 8/6/2009 10:53 AM, Matthew Galgoci wrote:
>> Date: Thu, 6 Aug 2009 16:44:44 +0200 (CEST)
>> From: Patrick Lambooy <p.lambooy at narmida.com>
>> To: redhat-sysadmin-list at redhat.com
>> Subject: allow a application on port UDP/162 as non root
>>
>> Hello,
>>
>> I need some SELinux help
>>
>> The problem is :
>> The application starts its own listening snmp trap app on port UDP/162
>>
>> What I want is to allow a user (not root) to start the application (Java)
>> and let it bind to the port UDP/162.
>>
>> The original snmptrapd is deactivated so no problem here
>>
>> The problem is ports 1 till 1024 can only be used by root
>>
>> The only way to do this is to completely deactivate this part of security
>> which I really don't like, very nasty.
>>
>> Is there a way with SELinux to do this?
>> Please explain in detail because I'm still partly a SELinux n00b
>> sry
>>
>> The alternative is to let the app run as root which isn't going to happen :-)
>>
>> I really hope somebody knows how and if this can be done with SELinux; after
>> 1 day searching and testing I'm a bit stuck
>> Other suggestions are also welcome
>>     
>
> This isn't a selinux issue. By default non-root processes cannot bind to
> ports less than 1024. I'm not sure if there is a clean way around this.
>
>   



