How to let ordinary users use port

In Linux systems, in general, ports smaller than 1024 are not open to ordinary Linux users without root. But there are still some tricks that allow users without root to use ports smaller than 1024. This article will introduce how to let ordinary users use ports below 1024 in Linux.

Method One: SetUID

to the user's application settings in the user ID to perform the bit can make the program can be run with root privileges, this method allows the program to run in as root The same, but need to be very careful, this approach also poses a security risk, especially when the program to be executed is inherently a security risk.

The method used is:

1.chown root.root /path/to/application

2.#Using SetUID

3.chmod u +s /path/to/application

We can see that in the system, /usr/bin/passwd files, we use SetUID, so that each system user can use passwd to modify Password —— This is the file to modify /etc/passwd (this is only root).

Since you want to run programs with non-root users, the goal is to reduce the security risks that the program itself poses to the system. Therefore, this method requires special care.

Method 2: CAP_NET_BIND_SERVICE

Starting with version 2.1, the Linux kernel has the concept of capability, which allows ordinary users to do work that only superusers can do, including the use of ports.

Get the CAP_NET_BIND_SERVICE ability to banding to a low port even if the server is running under a non-root account. Method used:

1.# Setting CAP_NET_BIND_SERVICE

2.setcap cap_net_bind_service =+ep /path/to/application

Note:

1. This method is not universal for all Linux systems. The kernel was not provided before 2.1, so you need to check if the system you want to use is supported.

2. Also note that if you want to run The program file is a script, and there is no way for this method to work properly. Previous12Next page Total 2 pages