Blue Boar said:

> Is there any point in needing to be root in order to allocate the
> low ports on unix-like systems, anymore? Could we get away from
> having to have some daemons even have a root stub in order to
> listen on a low port? What would break, and what new holes would
> be created? Could some sort of port ACL simply be used that says
> a particular UID can allocate a particular range of ports?

depends on the service. I use linux's transparent proxy support for running some services above 1024 that otherwise like to be under 1024. services that do system authentication may be more difficult to run above 1024 as non root. but services like openldap, and real server (when I was test driving it), ran fine as non root on high ports.

I usually add 1000 to the ports, so for LDAP it uses 389, so I have it bind to 3890, for LDAP/SSL it uses 636 so I have it bind to 6360.. works perfectly, except I cannot connect to the proxied port from the machine itself.

I have used transparent proxy on ipf too, or was it ipfw.. it's been a while.

nate

--
Nate Amsden
System Administrator
GraphOn
(Sent using Squirrelmail! 1.2.4)

This archive was generated by hypermail 2b30 : Thu Jul 04 2002 - 10:37:33 PDT