how do i claim a low-numbered port as non-root the "right way"

Posted by qbxk on Stack Overflow See other posts from Stack Overflow or by qbxk
Published on 2010-04-04T12:19:09Z Indexed on 2010/04/04 12:23 UTC
Read the original article Hit count: 314

Filed under:

linux

|

setuid

|

port

|

privileges

|

daemon

I have a script that I want to run as a daemon listening on a low-numbered port (< 1024)

Script is in python, though answers in perl are also acceptable.

The script is being daemonized using start-stop-daemon in a startup script, which may complicate the answer

What I really (think) don't want is to type ps -few and see this process running with a "root" on it's line.

How do I do it?

( from my less-than-fully-educated-about-system-calls perspective, I can see 3 avenues,

Run the script as root (no --user/--group/--chuid to start-stop-daemon), and have it de-escalate it's user after it claims the port
Setuid root on the script (chmod u+s), and run the script as the running user, (via --user/--group/--chuid to start-stop-daemon, the startup script still has to be called as root), in the script, acquire root privileges, claim the port, and then revert back to normal user
something else i'm unaware of

)

© Stack Overflow or respective owner

Related posts about linux

apt-get install and update fail

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I've got a problem with apt-get update and apt-get install ... commands . every time update or installing fails and errors are : Get:1 http://dl.google.com stable Release.gpg [198B] Ign http://dl.google.com/linux/chrome/deb/ stable/main Translation-en_US Get:2 http://dl… >>> More
kernel module compiling error

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
sh@ubuntu:/home/ccpp/helloworld$ make gcc-4.6 -O2 -DMODULE -D_KERNEL_ -W -Wall -Wstrict-prototypes -Wmissing-prototypes -isystem /lib/modules/`uname -r`/build/include -c -o hello-1.o hello-1.c hello-1.c:4:0: warning: "MODULE" redefined [enabled by default] <command-line>:0:0: note: this is… >>> More
Build-Essentials installation failing

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I am having trouble accessing the several critical header files that show to be a part of the build process. The "Ubuntu Software Center" shows "Build Essentials" as installed: Next I did the following two commands, which did not improve the problem: ~$ sudo apt-get install build-essential [sudo]… >>> More
Updating Debian kernel

as seen on Super User - Search for 'Super User'
I'm trying to update my Debian machine to 2.6.32-46 (which is the new stable). However, after doing apt-get update my apt-cache search linux-image shows me: linux-headers-2.6.32-5-486 - Header files for Linux 2.6.32-5-486 linux-headers-2.6.32-5-686-bigmem - Header files for Linux 2.6.32-5-686-bigmem linux-headers-2… >>> More
Serial connection over a single USB cable (Windows to linux, or linux to linux)

as seen on Server Fault - Search for 'Server Fault'
I'm helping out with a project for an embedded device that only has USB and no serial. This device is running Linux. These days, when we need to connect to a serial port on a device we typically use a USB to serial adapter (on something like a phone system or a load balancing device, etc). I would… >>> More

Related posts about setuid

sudo or acl or setuid/setgid ?

as seen on Server Fault - Search for 'Server Fault'
Hi, for a reason I do not really understand, everyone wants sudo for all and everything. At work we even have as many entries as there are way to read a logfile (head/tail/cat/more, ...). I think, sudo is defeating here. I'd rather use a mix of setgid/setuid directories and add ACL here and there… >>> More
checksecurity / setuid changes, is this a bug or did somebody break in?

as seen on Server Fault - Search for 'Server Fault'
I received a mail by checksecurity from my ubuntu 12.04 server with the following content: --- setuid.today 2012-06-03 06:48:09.892436281 +0200 +++ /var/log/setuid/setuid.new.tmp 2012-06-17 06:47:51.376597730 +0200 @@ -30,2 +30,2 @@ - 131904 4755 2 root root 71280 Wed May… >>> More
Get calling user ID in PHP setuid script

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a PHP script on Linux in which the sticky bit is set, so it gets executed as the file owner. How can I get the user id of the calling process, for authorization purposes? Context: I have two applications on a server, and want one to request some info from the other. For this reason the other… >>> More
(Ubuntu) setuid bash doesn't work

as seen on Server Fault - Search for 'Server Fault'
Here is the code: (root:) # mkdir /test # cp /bin/bash /test/sbash # chmod a+s /test/sbash (user1:) $ cd /test $ ./sbash $ mkdir trycreate mkdir: cannot create directory `trycreate': Permission denied And bash scripts with setuid bit set not work, either. By the way, my setuid perl script… >>> More
sudo: must be setuid root

as seen on Server Fault - Search for 'Server Fault'
Recently, due to some messy stuff with master boot record, I have to re-install my Ubuntu. Before doing that, I back up all folder (exclude root, bin, sbin, tmp, media, mnt) to a NTFS partition. After installation of Ubuntu, I copied back all the folder using a nautilus (running by sudo nautilus)… >>> More