Binding ports below 1024 from an ordinary Linux account

  
        

First, I received an account request yesterday:

Can a separate normal account be opened on this machine? The permission it needs is to bind UDP port 53.

This account is


To developers this requirement looks very simple, but it actually involves a technical problem: normal users on Linux cannot bind to ports below 1024.

At the time, so as not to delay the work, I gave out root on a test machine, and now I am going back to solve the problem.



Second, a Google search shows that there are basically two solutions:

1. The commonly used one is sudo, which gives ordinary users specific permissions. This is different from handing out root, but you have to maintain the sudo configuration.


2. On Debian systems there is a small program, authbind, which allows a program to bind a privileged port below 1024 without root privileges.

When you run a program through authbind, authbind sets some environment variables that allow the program to bind to a privileged port.


Installing authbind on Ubuntu 12.04

apt-get install authbind


How is authbind used? It is controlled through a configuration area. The default one is the /etc/authbind directory, which contains three subdirectories: byport, byaddr and byuid.

Suppose we have an account named test and want it to run a program that binds port 80.

Create a file named 80 in the byport directory, /etc/authbind/byport/80, and give the test account permission to use it. If the file 80 can be accessed by test, the bind succeeds; otherwise it fails.


Specific operations:

touch /etc/authbind/byport/80

chmod 755 /etc/authbind/byport/80

chown test:test /etc/authbind/byport/80

Then prefix the command you want to start with authbind --deep.


We can also authorize a specific address and port by creating an ip:port file under byaddr. The check works the same way as above.

You can also create a file named after the uid in the byuid directory. The bind is allowed as long as the test account can access that file; otherwise it fails.
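An added audit example, not part of the original post: authbind authorises a byport or byaddr rule for any user who has execute permission on the rule file, so the mode bits decide who may bind, and with mode 755 as set above the "other" execute bit lets accounts besides test pass the check. The script classifies each rule file by who can execute it. The function names are illustrative, and byuid is left out because those files are read for address and port ranges rather than tested for execute permission.

```shell
#!/bin/sh
# Added example: classify authbind rule files by who can execute them.
# authbind authorises a bind when the calling user has execute permission
# (an access(2) check) on the matching byport/ or byaddr/ file.

# audit_authbind DIR
# Prints "<class> <path>" for every rule file under DIR/byport and DIR/byaddr:
#   world  "other" execute bit set: accounts unrelated to the file may bind
#   group  group execute bit set: members of the file's group may bind
#   owner  only the owner execute bit is set
#   none   no execute bit set: the file grants nothing
audit_authbind() {
    dir=$1
    for sub in byport byaddr; do
        [ -d "$dir/$sub" ] || continue
        find "$dir/$sub" -type f | sort | while IFS= read -r f; do
            if [ -n "$(find "$f" -perm -001)" ]; then class=world
            elif [ -n "$(find "$f" -perm -010)" ]; then class=group
            elif [ -n "$(find "$f" -perm -100)" ]; then class=owner
            else class=none
            fi
            printf '%s %s\n' "$class" "$f"
        done
    done
}

# count_world_rules DIR: how many rules have the "other" execute bit set.
count_world_rules() {
    audit_authbind "$1" | grep -c '^world ' || true
}

# Run as: sh audit_authbind.sh /etc/authbind
if [ -n "${1:-}" ]; then
    audit_authbind "$1"
fi
```

To limit the port 80 rule to the test account alone, the file would be owned by test with mode 500, which this script reports as owner.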



Third, doing this on CentOS

Since authbind comes from Debian, it cannot be found in the yum repositories, and a Google search did not turn up a corresponding RPM either.

I found this on GitHub: https://github.com/tootedom/authbind-centos-rpm


After downloading it and following the instructions, running rpmbuild -v -bb --clean SPECS/authbind.spec hit two problems:

1. Path error

[root@stat authbind]# rpmbuild -v -bb --clean SPECS/authbind.spec

error: File /root/authbind/SOURCES/authbind_2.1.1.tar.gz: No such file or directory


2. The build directory was not created

[root@stat authbind]# rpmbuild -v -bb --clean SPECS/authbind.spec

Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.6tbsn7

+ umask 022

+ cd /root/authbind/authbind/BUILD

/var/tmp/rpm-tmp.6tbsn7: line 26: cd: /root/authbind/authbind/BUILD: No such file or directory

error: Bad exit status from /var/tmp/rpm-tmp.6tbsn7 (%prep)



RPM build errors:

Bad exit status from /var/tmp/rpm-tmp.6tbsn7 (%prep)


I am not familiar with rpmbuild, but I found SOURCES/authbind_2.1.1.tar.gz, unpacked it, found a Makefile, and installed directly from it successfully!

[root@stat authbind-2.1.1]# make

cc -g -O2 -Wall -Wwrite-strings -Wpointer-arith -Wimplicit -Wnested-externs -Wmissing-prototypes -Wstrict-prototypes -DMAJOR_VER='"1"' -DMINOR_VER='"0"' -DLIBAUTHBIND='"/usr/local/lib/authbind/libauthbind.so.1"' -DHELPER='"/usr/local/lib/authbind/helper"' -DCONFIGDIR='"/etc/authbind"' -D_GNU_SOURCE -c -o authbind.o authbind.c

cc -g authbind.o -o authbind

cc -g -O2 -Wall -Wwrite-strings -Wpointer-arith -Wimplicit -Wnested-externs -Wmissing-prototypes -Wstrict-prototypes -DMAJOR_VER='"1"' -DMINOR_VER='"0"' -DLIBAUTHBIND='"/usr/local/lib/authbind/libauthbind.so.1"' -DHELPER='"/usr/local/lib/authbind/helper"' -DCONFIGDIR='"/etc/authbind"' -D_GNU_SOURCE -c -o helper.o helper.c

cc -g helper.o -o helper

cc -D_REENTRANT -g -O2 -Wall -Wwrite-strings -Wpointer-arith -Wimplicit -Wnested-externs -Wmissing-prototypes -Wstrict-prototypes -DMAJOR_VER='"1"' -DMINOR_VER='"0"' -DLIBAUTHBIND='"/usr/local/lib/authbind/libauthbind.so.1"' -DHELPER='"/usr/local/lib/authbind/helper"' -DCONFIGDIR='"/etc/authbind"' -D_GNU_SOURCE -c -o libauthbind.o -fPIC libauthbind.c

ld -shared -soname libauthbind.so.1 -o libauthbind.so.1.0 libauthbind.o -ldl -lc

[root@stat authbind-2.1.1]#

[root@stat authbind-2.1.1]#

[root@stat authbind-2.1.1]# make install

install -o root -g root -m 755 -d /usr/local/lib/authbind /usr/local/share/man/man1 /usr/local/share/man/man8

install -o root -g root -m 755 -s authbind /usr/local/bin/.

install -o root -g root -m 644 libauthbind.so.1.0 /usr/local/lib/authbind/.

strip --strip-unneeded /usr/local/lib/authbind/libauthbind.so.1.0

ln -sf libauthbind.so.1.0 /usr/local/lib/authbind/libauthbind.so.1

install -o root -g root -m 755 -s helper /usr/local/lib/authbind/.

chmod u+s /usr/local/lib/authbind/helper

install -o root -g root -m 755 -d /etc/authbind \
/etc/authbind/byport /etc/authbind/byaddr /etc/authbind/byuid


[root@stat authbind-2.1.1]# cd /etc/authbind/

[root@stat authbind]# ls

byaddr byport byuid


After that, prefixing a command with authbind --deep lets an ordinary Linux account bind ports below 1024.

This article comes from the "McMr.'s operation and maintenance road" blog; please be sure to keep this source: http://xiaomaimai.blog.51cto.com/1182965/1437027
