[Mono-list] Problem with Syscall (or how to bind port 443 as a non-privileged user)

Edward Ned Harvey (mono) edward.harvey.mono at clevertrove.com
Tue Mar 4 12:32:57 UTC 2014


> From: Peter Hultqvist [mailto:phq at silentorbit.com]
> 
> I have used mkbundle together with "setcap 'cap_net_bind_service=+ep'
> /path/to/my-bin"
> That way I get a binary which can listen to privileged ports without
> running as root.

So - First of all, the cap_net_bind_service permission has to be applied to the file ...  But it's the "mono" executable that needs it, right?  I actually tried applying that permission to both the mono executable and the exe file, but even so, I still got access denied.  Not sure why.  I checked my kernel version, and I think it should have worked ...

I would consider it to be a bad thing, if the permission needs to be applied to the mono executable.  And based on my understanding, that's what I think is actually required.


> Your method is probably better since it prevents further use of
> privileged ports.
> 
> Also you could possibly use iptables to redirect to a higher port number.

Yeah, I thought of that.  (Meaning, found it on Google and thought about it.)  Things *could* end up this way if other plans don't go well.
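
For the "still got access denied" situation described in this message, one diagnostic is to check whether the running process actually holds cap_net_bind_service in its effective set. The script below is an added example, not part of the original thread; it decodes the CapEff line of /proc/<pid>/status, and its helper names and sample status excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Reports whether a process holds
# CAP_NET_BIND_SERVICE in its effective set, by decoding CapEff in a
# /proc/<pid>/status file. Helper names are hypothetical.

CAP_NET_BIND_SERVICE=10   # capability number from <linux/capability.h>

# cap_eff_hex FILE: print the hex effective-capability mask; fail if absent.
cap_eff_hex() {
    awk '$1 == "CapEff:" { print $2; found = 1 } END { exit !found }' "$1"
}

# has_net_bind FILE: 0 = capability present, 1 = absent, 2 = unparsable.
has_net_bind() {
    hex=$(cap_eff_hex "$1") || return 2
    case $hex in ''|*[!0-9a-fA-F]*) return 2 ;; esac
    # Bit 10 sits in the low 16 bits, so the last four hex digits suffice
    # and shell arithmetic never sees a full 64-bit mask.
    low=$(printf '%s' "$hex" | sed 's/.*\(....\)$/\1/')
    [ $(( (0x$low >> CAP_NET_BIND_SERVICE) & 1 )) -eq 1 ]
}

# sample_status MASK: constructed /proc/<pid>/status excerpt for offline runs.
sample_status() {
    printf 'Name:\tmono\nCapPrm:\t%s\nCapEff:\t%s\nCapBnd:\t0000003fffffffff\n' "$1" "$1"
}

# report LABEL FILE: print a one-line verdict for the given status file.
report() {
    if has_net_bind "$2"; then
        echo "$1: CAP_NET_BIND_SERVICE effective"
    else
        echo "$1: CAP_NET_BIND_SERVICE not effective"
    fi
}

if [ "$#" -gt 0 ]; then
    # Real use: pass one or more PIDs of the running mono / bundled process.
    for pid in "$@"; do report "pid $pid" "/proc/$pid/status"; done
else
    # Offline demo on constructed samples.
    tmp=$(mktemp) || exit 1
    sample_status 0000000000000400 > "$tmp"; report "constructed (capability set)" "$tmp"
    sample_status 0000000000000000 > "$tmp"; report "constructed (no capability)" "$tmp"
    rm -f "$tmp"
fi
```

Run it with the PID of the listening process as its argument; with no arguments it only exercises the constructed samples.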

