by mappu
3764 days ago
> Just being able to lock ports down to a uid would suffice for many use cases and could work the same way as the legacy system by default, with ports <1024 reserved for root and other ports not reserved. Then, e.g.
>
>     # echo "8080 <MYUID>" > /proc/sys/net/ipv4/conf/all/portsec/register

It can be done in userspace with `authbind` (based on some LD_PRELOAD magic).

    # apt-get install authbind
    # echo '0.0.0.0,8080-8081' >> /etc/authbind/byuid/$(id -u $TARGETUSER)

Then as user:

    $ authbind my-daemon