www user than root
Jeremie Le Hen
jeremie at le-hen.org
Thu Jun 23 13:29:49 GMT 2005
Hi Khaled,
> Is it a good idea to run daemons on non privileged ports as a normal
> user (eg. www) then have natd or a firewall redirect the traffic
> targetting the privileged port.
>
> For example:
>
> A web server running as user www on port 8000.
> IPFW, IPNAT, PF or NATD redirecting port 80 to port 8000.
>
> Is such a soloution a good idea?
> I read in man natd that one can redirect traffic comming on the
> gateway on port 80 to one or many servers running daemons on non
> privileged ports.
Yes it might be a good idea, but again, it depends on your security
requirements : any user is able to bind port 8000, so if you have
other users on the system, this may not be something to avoid.
But FWIW, this would totally remove the need to make a privileged part
in your application.
Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
More information about the freebsd-net
mailing list