UID permissions mappings for "privileged ports" feature -- anybody done?

Bradley Ward Allen (ulmo@q.net)
Mon, 4 Nov 1996 17:43:09 -0500


Seems to me it would be easy to make a simple switch statement for
privileged ports which would allow a certain user to access a certain
privileged port -- and only that user (even disallow root if specified) --
that way it would be easier to set up well known services without having
to sit there and set up suid bits, etc. for all the servers. This would
be most useful for standalone servers such as web servers, etc.

There are lots of reasons why this is useful. One is a sysadm delegating
a certain well known service to an untrusted user. Another is sticking
Tcl HTTPD 1.1.1 (http://www.sunlabs.com/research/tcl/webtk/tclhttpd.html)
up without learning tcl's command to do suid and still putting it in
place of the Apache 1.1.1 httpd that never did work since somewhere in the
2.0.? range. I'm sure there are other applications.

Anyway, somebody have a patch that already does something like that?
I'm sure I could hack in a less elegant static solution (like
"if(portnum==80&&uid==12345) goto ok;" or whatever the code would say).
Wait ... hmm ... I can't find it in the kernel source. Is this a libc
thing?
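
Added example (not part of the original message, and not Linux kernel code): a user-space C model of the per-port UID mapping the post proposes, including the "disallow root if specified" case. The struct, function names, and table values are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>

#define PRIV_PORT_LIMIT 1024   /* ports 1..1023 are "privileged" */

/* Hypothetical policy entry: one privileged port delegated to one UID. */
struct port_grant {
    unsigned short port;
    uid_t          uid;        /* the only non-root UID allowed to bind */
    bool           deny_root;  /* if set, even UID 0 is refused */
};

/* Constructed sample policy; the values are illustrative only. */
static const struct port_grant grants[] = {
    { 80, 12345, true  },      /* web server: uid 12345 only, root refused */
    { 25,   501, false },      /* mail: uid 501, root still allowed */
};

/* Return the grant for a port, or NULL if the port is not delegated. */
static const struct port_grant *find_grant(unsigned short port)
{
    for (size_t i = 0; i < sizeof grants / sizeof grants[0]; i++)
        if (grants[i].port == port)
            return &grants[i];
    return NULL;
}

/* Decide whether `uid` may bind `port` under the model above. */
bool may_bind(uid_t uid, unsigned short port)
{
    const struct port_grant *g;

    /* Port 0 requests an ephemeral port; ports >= 1024 are unprivileged. */
    if (port == 0 || port >= PRIV_PORT_LIMIT)
        return true;

    g = find_grant(port);
    if (g == NULL)
        return uid == 0;           /* no delegation: classic root-only rule */
    if (uid == 0)
        return !g->deny_root;      /* root allowed unless explicitly refused */
    return uid == g->uid;          /* otherwise exactly the delegated UID */
}
```

On a real system the privileged-port decision is made by the kernel when bind() is called; this model shows only the decision logic, with default-deny for any privileged port that has no table entry.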