On Wed, 22 Jun 2005 16:14:06 +0100 Bruce M Simpson <[EMAIL PROTECTED]> wrote:
> On Wed, Jun 22, 2005 at 05:01:17PM +0200, Mrad James Deane wrote: > > hello i want to know how the www user with uid:80 can print on a > > priviliged port like 80 rather the root user im very in trouble i > > did not find a solution yet mac_portacl is one but it is very > > experimental please help. thanks > > I think you may have meant 'bind' rather than 'print' here? > > Anyway, the way they used to do this back in the day on Linux at least > was to hack the socket code to allow binds to privileged ports by > certain users/groups rather than relying solely on the super-user > check. > > You could do something like this in FreeBSD 5-STABLE by hacking the > in_pcbbind_setup() function in src/sys/netinet/in_pcb.c to not just > call suser_cred(), but to instead perform a group check, by calling > groupmember(some_privileged_socket_group, cred). I think that the following sysctls do the trick [EMAIL PROTECTED] sysctl net|grep reserv net.inet.ip.portrange.reservedhigh: 1023 net.inet.ip.portrange.reservedlow: 0 marco _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
