Simple Privileged Port Binding on Solaris

Binding to a privileged port (1-1024) on UNIX and Linux operating systems typically requires root permissions. However, for security reasons, you want to avoid running daemons as root. This typically means UNIX daemons are coded to start as root to bind to a privileged port, then drop to a less privileged user to service requests by executing the setuid()
function call.

If you're running vendor packaged software, such as Apache or an FTP server, you don't typically have to worry about this as the software supports this daemon trickery out of the box.

On the other hand, if you're writing your own daemon in an interpreted language or Java and need to listen on a privileged port, you'll need a to implement code or use one of the many open source solutions provided by third parties for various languages to
drop root. However, if you're running on Solaris or one of Open Solaris' succssors, such as SmartOS, there's an easier way. Simply grant binding to privileged
ports to a non-root user.

As root, issue the command:

usermod -K defaultpriv=basic,net_privaddr someuser  

After executing the above as root, the user to which you granted this permission - someuser in the example - will be able to bind to privileged ports without needing to be initially executed as the root user.

comments powered by Disqus

Software Engineer living in NYC
More Detail →
  • Software Engineering
  • Full Stack
  • Java
  • Spring
  • Linux
  • MongoDB
  • Objective-C
← Back

Recent Posts