Provided by: privbind_1.1-1_i386 bug

NAME

       privbind  -  allow  an  unprivileged  application to bind with reserved
       ports.

SYNOPSIS

       privbind -u user [ -g group] [ -n num] [ -l path] command  [  arguments
       ... ]

DESCRIPTION

       Normally in Linux, only a superuser process can bind an Internet domain
       socket with a reserved port (port numbers less than 1024). Accordingly,
       server processes are typically run with superuser privileges, which can
       be dropped after binding the reserved port.

       privbind can execute an application as an unprivileged user  with  just
       one extra privilege: it can bind to reserved ports.

       privbind  is  useful  in  several  situations.  It can be used when the
       application is not trusted enough; It can be used when  the  server  is
       written  in  a language without the setuid(2) feature (e.g., Java(TM));
       It can also be used to run applications which  don’t  manipulate  their
       own  user  id  and  need  to be able to bind to a reserved port without
       needing any other root privileges.

OPTIONS

       -u     The -u option is mandatory, and specifies under  which  user  to
              run the given command.  The user can be specified using either a
              username or a numeric user id.  It  should  be  an  unprivileged
              (non-root) user.

       -g     Specifies the group to switch to when running the given command.
              If this option is missing, then the given user’s  default  group
              is used.

       -n     privbind’s default behaviour is to allow the application to call
              bind(2) with reserved ports an unlimited  number  of  times.  In
              order to do that (see "HOW IT WORKS" below), the privbind helper
              process needs to wait for the  application  to  exit  before  it
              terminates.

              The  -n  num  option tells privbind that it can assume that only
              num binds need to be  given  elevated  privileges.   After  this
              number  of  bind(2)  calls have been executed, privbind’s helper
              process  will  exit,  leaving  behind  only   the   unprivileged
              application running.

       -l     Mostly for internal use during build. Gives the explicit path to
              the LD_PRELOAD library.

       -h     Shows a short help screen, and exits.

EXIT STATUS

       Using technical jargon, privbind execs command  as  its  main  process,
       running  itself  in  the  background  (as  a child of the application’s
       process). The practical upshot of this, in layman’s terms, is that  the
       user  never  sees  privbind’s  exit  status. When running privbind, the
       process will exit whenever, and  with  whatever  exit  status,  command
       does.

       The above point should be particularly noted when using privbind to run
       daemons.

SECURITY CONSIDERATIONS

       privbind has no SUID parts, and runs within the confines  of  a  single
       process.   This  serves  to minimize the security implications of using
       it. It is strongly advised that privbind not  be  made  SUID,  as  this
       would  allow  any  user that can run it to run any process as any other
       (non-root) user. At the moment privbind detects such  a  situation  and
       warns about it, but will continue with the execution.

HOW IT WORKS

       In  a  nutshell,  privbind  works  by starting two processes. One drops
       privileges and runs (exec(2)) the command, the other remains  as  root.
       Privbind  makes  sure  to  keep a unix domain socket connecting the two
       processes.

       Privbind uses LD_PRELOAD to intercept every call to bind(2) made by the
       program. Calls that can be completed non-privileged are done so.  Calls
       that require root privileges are forwarded to the  root  process,  that
       carry them out on the program’s behalf.

       A more detailed explanation is available in the README file.

BUGS

       privbind  currently  uses  "SOCK_SEQPACKET"  for  communication between
       privileged and non-privileged  processes.  This  socket  type  is  only
       implemented  on Linux kernel 2.6.4 and later, which makes privbind none
       portable to older Linux kernels and many other non-Linux platforms.

VERSION

       The version of privbind described by this manual page is 1.0 (June  12,
       2007)

COPYRIGHT

       Copyright  (C)  2006-2007, Shachar Shemesh plus others. See the AUTHORS
       file.

       privbind was written by Shachar Shemesh, with contributions  from  Amos
       Shapira and Nadav Har’El.

       privbind  is  free  software,  released  under  the  GNU General Public
       License (GPL).  See the COPYING file for more information and the exact
       license terms.

       The latest version of this software can be found in

           http://sourceforge.net/projects/privbind

       Java is a registered trademark of Sun Microsystems.

SEE ALSO

       su(1), sudo(8), capabilities(7), bind(2), setuid(2), ld.so(8), unix(7)