Vulnerability Development mailing list archives

Re: Ports 0-1023?


From: "Nate Amsden" <subscriptions () graphon com>
Date: Thu, 4 Jul 2002 00:55:03 -0700 (PDT)

Blue Boar said:
Is there any point in needing to be root in order to allocate the
low ports on unix-like systems, anymore? Could we get away from
having to have some daemons even have a root stub in order to
listen on a low port? What would break, and what new holes would
be created? Could some sort of port ACL simply be used that says
a particular UID can allocate a particular range of ports?


Depends on the service. I use Linux's transparent proxy support
for running some services above 1024 that otherwise like to
be under 1024. Services that do system authentication may be
more difficult to run above 1024 as non-root, but services like
OpenLDAP and RealServer (when I was test driving it) ran fine
as non-root on high ports.

I usually add 1000 to the ports, so for LDAP, which uses 389, I
have it bind to 3890; for LDAP/SSL, which uses 636, I have it
bind to 6360.

Works perfectly, except I cannot connect to the proxied port
from the machine itself.

I have used transparent proxy on ipf too, or was it ipfw...
It's been a while.

nate


-- 
Nate Amsden
System Administrator
GraphOn
(Sent using Squirrelmail! 1.2.4)
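The redirection described in the message above, written out as an added example (not code from the original post or from any of the projects mentioned). It assumes a Linux host with iptables and the netfilter nat table; the port pairs (389 to 3890, 636 to 6360) follow the post. The PREROUTING rule only sees packets that arrive from the network; connections originated on the machine itself traverse the nat OUTPUT chain instead, so the script emits a second rule there, restricted with the addrtype match to destinations that are local addresses so that outbound connections to other hosts' LDAP servers are not touched.

```shell
#!/bin/sh
# Added example: run a daemon unprivileged on a high port and have the
# kernel redirect the privileged port to it. Assumes Linux, iptables,
# and root only for the apply step. The rule generation is pure text so
# it can be inspected (or audited) before anything is applied.

# Reject anything that is not a usable TCP port number.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the nat rules needed to map LOW (privileged) to HIGH (where the
# daemon actually binds). Two rules: PREROUTING for packets arriving from
# the network, OUTPUT for connections originated on this host. Without the
# OUTPUT rule a local client connecting to LOW gets a connection refused,
# because nothing listens there and PREROUTING is never consulted.
redirect_rules() {
    low=$1
    high=$2
    valid_port "$low" && valid_port "$high" || {
        echo "redirect_rules: bad port pair '$low' '$high'" >&2
        return 1
    }
    printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -j REDIRECT --to-ports %s\n' "$low" "$high"
    printf 'iptables -t nat -A OUTPUT -m addrtype --dst-type LOCAL -p tcp --dport %s -j REDIRECT --to-ports %s\n' "$low" "$high"
}

# Apply the rules for one pair; refuses to run without root.
apply_redirect() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_redirect: need root" >&2; return 1; }
    redirect_rules "$1" "$2" | sh -e
}

# Sanity check after applying: the daemon must be listening on HIGH and
# nothing must be listening on LOW (otherwise the redirect is pointless).
check_redirect() {
    low=$1
    high=$2
    ss -ltn 2>/dev/null | grep -q ":$high " || { echo "nothing bound on $high" >&2; return 1; }
    ss -ltn 2>/dev/null | grep -q ":$low "  && { echo "something still bound on $low" >&2; return 1; }
    iptables -t nat -S 2>/dev/null | grep -q -- "--dport $low -j REDIRECT --to-ports $high" \
        || { echo "no REDIRECT rule for $low -> $high" >&2; return 1; }
    echo "redirect $low -> $high looks good"
}

# Usage: print the rules for the two pairs from the post, apply when root.
if [ "${1:-}" = "apply" ]; then
    apply_redirect 389 3890 && apply_redirect 636 6360
    check_redirect 389 3890
    check_redirect 636 6360
else
    redirect_rules 389 3890
    redirect_rules 636 6360
fi
```

Run it without arguments to see the rules; `sh script.sh apply` as root installs them and runs the check. Because the REDIRECT target rewrites only the destination port, the unprivileged daemon still sees the real client address, which is what most access control in a server like slapd wants.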



