lunar (1) privbind.1.gz

Provided by: privbind_1.2-1.1build1_amd64 bug

NAME

       privbind - allow an unprivileged application to bind with reserved ports.

SYNOPSIS

       privbind -u user [ -g group] [ -n num] [ -l path] command [ arguments ... ]

DESCRIPTION

       Normally  in  Linux,  only  a  superuser process can bind an Internet domain socket with a
       reserved port (port numbers less than 1024). Accordingly, server processes  are  typically
       run with superuser privileges, which can be dropped after binding the reserved port.

       privbind can execute an application as an unprivileged user with just one extra privilege:
       it can bind to reserved ports.

       privbind is useful in several situations. It can be  used  when  the  application  is  not
       trusted  enough;  It  can  be  used  when  the server is written in a language without the
       setuid(2) feature (e.g., Java(TM)); It can also be used to run  applications  which  don't
       manipulate  their  own  user  id  and  need  to be able to bind to a reserved port without
       needing any other root privileges.

OPTIONS

       -u     The -u option is mandatory, and  specifies  under  which  user  to  run  the  given
              command.   The  user can be specified using either a username or a numeric user id.
              It should be an unprivileged (non-root) user.

       -g     Specifies the group to switch to when running the given command. If this option  is
              missing, then the given user's default group is used.

       -n     privbind's  default  behaviour  is  to  allow  the application to call bind(2) with
              reserved ports an unlimited number of times. In order  to  do  that  (see  "HOW  IT
              WORKS"  below),  the  privbind  helper process needs to wait for the application to
              exit before it terminates.

              The -n num option tells privbind that it can assume that only num binds need to  be
              given  elevated privileges.  After this number of bind(2) calls have been executed,
              privbind's  helper  process  will  exit,  leaving  behind  only  the   unprivileged
              application running.

       -l     Mostly  for  internal  use  during build. Gives the explicit path to the LD_PRELOAD
              library.

       -h     Shows a short help screen, and exits.

EXIT STATUS

       Using technical jargon, privbind execs command as its main process, running itself in  the
       background  (as  a  child  of the application's process). The practical upshot of this, in
       layman's terms, is that the user never sees privbind's exit status. When running privbind,
       the process will exit whenever, and with whatever exit status, command does.

       The above point should be particularly noted when using privbind to run daemons.

SECURITY CONSIDERATIONS

       privbind has no SUID parts, and runs within the confines of a single process.  This serves
       to minimize the security implications of using it. It is strongly  advised  that  privbind
       not  be  made SUID, as this would allow any user that can run it to run any process as any
       other (non-root) user. At the moment privbind detects such a situation and warns about it,
       but will continue with the execution.

HOW IT WORKS

       In  a  nutshell,  privbind  works by starting two processes. One drops privileges and runs
       (exec(2)) the command, the other remains as root.  Privbind makes  sure  to  keep  a  unix
       domain socket connecting the two processes.

       Privbind  uses  LD_PRELOAD  to  intercept every call to bind(2) made by the program. Calls
       that can be completed non-privileged are done so.  Calls that require root privileges  are
       forwarded to the root process, that carry them out on the program's behalf.

       A more detailed explanation is available in the README file.

BUGS

       privbind  currently  uses  "SOCK_SEQPACKET"  for communication between privileged and non-
       privileged processes. This socket type is only  implemented  on  Linux  kernel  2.6.4  and
       later,  which makes privbind none portable to older Linux kernels and many other non-Linux
       platforms.

VERSION

       The version of privbind described by this manual page is 1.0 (June 12, 2007)

       Copyright (C) 2006-2007, Shachar Shemesh plus others. See the AUTHORS file.

       privbind was written by Shachar Shemesh, with contributions from Amos  Shapira  and  Nadav
       Har'El.

       privbind  is  free software, released under the GNU General Public License (GPL).  See the
       COPYING file for more information and the exact license terms.

       The latest version of this software can be found in

           http://sourceforge.net/projects/privbind

       Java is a registered trademark of Sun Microsystems.

SEE ALSO

       su(1), sudo(8), capabilities(7), bind(2), setuid(2), ld.so(8), unix(7)