www user than root
Bruce M Simpson
bms at spc.org
Wed Jun 22 15:14:19 GMT 2005
On Wed, Jun 22, 2005 at 05:01:17PM +0200, Mrad James Deane wrote:
> hello i want to know how the www user with uid:80 can print on a priviliged
> port like 80 rather the root user im very in trouble i did not find a
> solution yet mac_portacl is one but it is very experimental please help.
> thanks
I think you may have meant 'bind' rather than 'print' here?
Anyway, the way they used to do this back in the day on Linux at least was
to hack the socket code to allow binds to privileged ports by certain
users/groups rather than relying solely on the super-user check.
You could do something like this in FreeBSD 5-STABLE by hacking the
in_pcbbind_setup() function in src/sys/netinet/in_pcb.c to not just
call suser_cred(), but to instead perform a group check, by calling
groupmember(some_privileged_socket_group, cred).
Regards,
BMS
More information about the freebsd-net
mailing list