Allowing a user to use ports under 1024 on Solaris 11

You can allow a normal Unix user to run processes that bind to privileged ports (i.e. those under 1024) by assigning them the net_privaddr privilege. This is useful if you want your web server to run as a non-root user.

# usermod -K defaultpriv=basic,net_privaddr webservd

This change will be recorded in the file /etc/user_attr. The user will need to log in again and restart their processes to pick up the change.
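Because the grant is recorded in /etc/user_attr, that file can be audited to see which accounts hold the privilege. The following shell function is an added example, not part of the original post; the function names, the constructed sample entries, and the handling of `all` and of `!`/`-` negation in the privilege list are assumptions of this example.

```shell
#!/bin/sh
# List accounts whose defaultpriv in a user_attr-style file grants a privilege.
# Line format: user:qualifier:res1:res2:attr, where attr is key=value pairs
# joined by ';'.

privileged_users() {
    # $1 = path to the user_attr file, $2 = privilege (default: net_privaddr)
    awk -F: -v want="${2:-net_privaddr}" '
        /^#/ || NF < 5 { next }                 # skip comments and short lines
        {
            # The attr field can contain escaped colons, so rejoin fields 5..NF
            attr = $5
            for (i = 6; i <= NF; i++) attr = attr ":" $i
            granted = 0
            n = split(attr, kv, ";")
            for (i = 1; i <= n; i++) {
                if (index(kv[i], "defaultpriv=") != 1) continue
                m = split(substr(kv[i], 13), p, ",")
                for (j = 1; j <= m; j++) {
                    # Assumption: "all" includes the privilege, and a leading
                    # "!" or "-" removes it again
                    if (p[j] == want || p[j] == "all") granted = 1
                    if (p[j] == ("!" want) || p[j] == ("-" want)) granted = 0
                }
            }
            if (granted) print $1
        }' "$1"
}

# Constructed sample entries (not taken from a real host)
sample_user_attr() {
    cat <<'EOF'
# constructed sample
root::::audit_flags=lo\:no;type=role
webservd::::defaultpriv=basic,net_privaddr
appadmin::::type=normal;defaultpriv=all;roles=root
batch::::defaultpriv=all,!net_privaddr
alice::::type=normal;profiles=System Administrator
EOF
}

# Demo run against the constructed sample
tmp=$(mktemp) && sample_user_attr > "$tmp" && privileged_users "$tmp"
rm -f "$tmp"
```

On a real system, call `privileged_users /etc/user_attr` and compare the result against the accounts you expect to bind low ports.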

There are lots of other privileges you can assign this way. As root, you can see a listing with a brief description of each by running

# ppriv -lv

Useful related knowledge

http://www.c0t0d0s0.org/archives/4075-Less-known-Solaris-features-RBAC-and-Privileges-Part-3-Privileges.html
