LinuxQuestions.org
#1  07-26-2007, 11:31 AM
biddljj (LQ Newbie; Registered: Jul 2007; Posts: 1)
non-root bind to port 389


Red Hat Linux ES 4

Sun Directory 6.0

I need to execute my directory server using a non root userid

Command line sudo works fine for starting the server
- server process is owned by uid=ldapsrv

Remote starts use the ldapsrv account to start the
ldap server. Start fails due to ldapsrv not being
allowed to bind to port 389.

[26/Jul/2007:08:59:51 -0500] - ERROR<12362> - Connection - conn=-1 op=-1 msgId=-1 - PR_Bind() on address <all interfaces> port <389> failed : error -5966 (Access Denied.).


If I change the port used by the LDAP server to a
high number life is good.

Question: How do I allow userid ldapsrv to start software that binds to port 389?
 
#2  07-26-2007, 12:44 PM
wjevans_7d1@yahoo.co (Member; Registered: Jun 2006; Location: Mariposa; Distribution: Slackware 9.1; Posts: 938)
In theory, only root can bind to a port < 1024.

I see only two possibilities, both of them ugly.

First: modify the source of your kernel so that the restriction is removed. This opens a huge security hole.

Second: modify the source of the directory server so that the first three things it does are:
  1. change the effective UID to root;
  2. bind a socket to port 389; and
  3. change the effective UID to ldapsrv
Then make sure the executable is owned by root, and change the protection on the executable so the SUID bit is on.

Hope this helps.
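The second post's sequence (bind while root, then switch to ldapsrv) written out as an added C example. This is not code from the thread or from Sun Directory Server; the loopback address, the uid/gid 65534 fallback, the step codes and the function names are assumptions for the demonstration. Beyond the three steps in the post it checks every call in the drop, orders setgroups()/setgid() before setuid() (they need root), and verifies afterwards that root cannot be regained:

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a listening TCP socket on `port` while still privileged, then drop
 * permanently to uid/gid.  Port 0 asks the kernel for a free high port so the
 * same code can be exercised without root.  Returns the fd, or a negative
 * number naming the step that failed (errno is preserved). */
int bind_then_drop(unsigned short port, uid_t uid, gid_t gid,
                   unsigned short *bound_port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);

    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* demo assumption: loopback only */
    addr.sin_port = htons(port);

    /* This is the call that fails with EACCES for ldapsrv on port 389. */
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 16) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -2;
    }
    socklen_t len = sizeof addr;
    if (bound_port && getsockname(fd, (struct sockaddr *)&addr, &len) == 0)
        *bound_port = ntohs(addr.sin_port);

    /* Drop order matters: supplementary groups and gid can only be changed
     * while still root, so they go before setuid().  Every call is checked;
     * an unchecked setuid() that fails leaves the server running as root. */
    if ((geteuid() == 0 && setgroups(0, NULL) < 0) || setgid(gid) < 0 || setuid(uid) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -3;
    }
    return fd;
}

/* After the drop, prove it is irreversible: ids match and setuid(0) fails. */
int privileges_dropped(uid_t uid)
{
    if (uid == 0 || getuid() != uid || geteuid() != uid)
        return 0;                 /* still root, or drop incomplete */
    return setuid(0) == -1;       /* a saved set-uid of 0 would let this succeed */
}

/* End-to-end run: bind `port`, drop to an unprivileged target, verify.
 * Returns 0 on success or the negative step code (-4 = drop not verified). */
int demo_bind_and_drop(unsigned short port)
{
    /* Demo assumption: if started as root, drop to uid/gid 65534 (the
     * conventional "nobody"); an unprivileged process can only setuid() to
     * itself, so otherwise keep the current ids. */
    uid_t uid = geteuid() == 0 ? (uid_t)65534 : getuid();
    gid_t gid = geteuid() == 0 ? (gid_t)65534 : getgid();
    unsigned short bound = 0;

    int fd = bind_then_drop(port, uid, gid, &bound);
    if (fd < 0)
        return fd;
    int ok = privileges_dropped(uid) && bound != 0;
    close(fd);
    return ok ? 0 : -4;
}

int main(void)
{
    /* As root, bind the real LDAP port; unprivileged, 389 would fail just
     * like PR_Bind() in the thread, so use 0 to show the drop on a free port. */
    unsigned short port = geteuid() == 0 ? 389 : 0;
    int rc = demo_bind_and_drop(port);
    if (rc != 0) {
        fprintf(stderr, "step %d failed: %s\n", -rc, strerror(errno));
        return 1;
    }
    printf("bound and now running as uid %u\n", (unsigned)getuid());
    return 0;
}
```

Built with `cc -o bind389 bind389.c`, it binds 389 when started as root or as the root-owned set-uid binary the post describes; started as a normal user, port 389 returns EACCES, the same condition the PR_Bind() error above reports, so the demo falls back to an ephemeral port to show the drop. Everything before setuid() runs as root, so keep that window to the socket calls only. On kernels with file capabilities (Linux 2.6.24 and later, so not the RHEL 4 kernel in the question), `setcap cap_net_bind_service=+ep` on the executable lets it bind 389 without ever running as root, which avoids the set-uid binary entirely.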