[Mono-list] Problem with Syscall (or how to bind port 443 as a non-privileged user)
Edward Ned Harvey (mono)
edward.harvey.mono at clevertrove.com
Tue Mar 4 12:32:57 UTC 2014
> From: Peter Hultqvist [mailto:phq at silentorbit.com]
>
> I have used mkbundle together with "setcap 'cap_net_bind_service=+ep'
> /path/to/my-bin"
> That way I get a binary which can listen to privileged ports without
> running as root.
So - First of all, the cap_net_bind_service permission has to be applied to the file ... But it's the "mono" executable that needs it, right? I actually tried applying that permission to both the mono executable and the exe file, but even so, I still got access denied. Not sure why. I checked my kernel version, and I think it should have worked ...
I would consider it to be a bad thing, if the permission needs to be applied to the mono executable. And based on my understanding, that's what I think is actually required.
> Your method is probably better since it prevents further use of
> privileged ports.
>
> Also you could possibly use iptables to redirect to a higher port number.
Yeah, I thought of that. (Meaning, found it on Google and thought about it.) Things *could* end up this way if other plans don't go well.