[Mono-list] Problem with Syscall (or how to bind port 443 as a non-privileged user)
Peter Hultqvist
phq at silentorbit.com
Mon Mar 3 22:31:35 UTC 2014
On 2014-03-03 03:11, Edward Ned Harvey (mono) wrote:
> I have a service that needs to bind to port 443, and as far as I can tell, the best way to do this is to start as root (or sudo) and bind 443, and then lower privileges by using Mono.Unix.Native.Syscall.setuid. Unfortunately my actual service product was failing to do this, so I created a *really* simple test project, and it still fails.
>
> If there's a better way to solve this problem, I'd love to know. ;-) I am not married to Syscall.setuid.
>
I have used mkbundle together with "setcap 'cap_net_bind_service=+ep'
/path/to/my-bin"
That way I get a binary which can listen to privileged ports without
running as root.
Your method is probably better since it prevents further use of
privileged ports.
Also you could possible use iptables to redirect to a higher port number.
More information about the Mono-list
mailing list