xenial (1) privbind.1.gz

Provided by: privbind_1.2-1.1_amd64 bug

NAME

       privbind - allow an unprivileged application to bind with reserved ports.

SYNOPSIS

       privbind -u user [ -g group] [ -n num] [ -l path] command [ arguments ... ]

DESCRIPTION

       Normally in Linux, only a superuser process can bind an Internet domain socket with a reserved port (port
       numbers less than 1024). Accordingly, server processes are typically run with superuser privileges, which
       can be dropped after binding the reserved port.

       privbind can execute an application as an unprivileged user with just one extra privilege: it can bind to
       reserved ports.

       privbind is useful in several situations. It can be used when the application is not trusted  enough;  It
       can  be  used when the server is written in a language without the setuid(2) feature (e.g., Java(TM)); It
       can also be used to run applications which don't manipulate their own user id and need to be able to bind
       to a reserved port without needing any other root privileges.

OPTIONS

       -u     The -u option is mandatory, and specifies under which user to run the given command.  The user can
              be specified using either a username or a numeric user id.  It should  be  an  unprivileged  (non-
              root) user.

       -g     Specifies  the  group to switch to when running the given command. If this option is missing, then
              the given user's default group is used.

       -n     privbind's default behaviour is to allow the application to call bind(2) with  reserved  ports  an
              unlimited  number  of  times.  In order to do that (see "HOW IT WORKS" below), the privbind helper
              process needs to wait for the application to exit before it terminates.

              The -n num option tells privbind that it can assume that only num binds need to be given  elevated
              privileges.  After this number of bind(2) calls have been executed, privbind's helper process will
              exit, leaving behind only the unprivileged application running.

       -l     Mostly for internal use during build. Gives the explicit path to the LD_PRELOAD library.

       -h     Shows a short help screen, and exits.

EXIT STATUS

       Using technical jargon, privbind execs command as its main process, running itself in the background  (as
       a  child of the application's process). The practical upshot of this, in layman's terms, is that the user
       never sees privbind's exit status. When running privbind,  the  process  will  exit  whenever,  and  with
       whatever exit status, command does.

       The above point should be particularly noted when using privbind to run daemons.

SECURITY CONSIDERATIONS

       privbind  has  no  SUID parts, and runs within the confines of a single process.  This serves to minimize
       the security implications of using it. It is strongly advised that privbind not be  made  SUID,  as  this
       would  allow  any  user  that  can  run it to run any process as any other (non-root) user. At the moment
       privbind detects such a situation and warns about it, but will continue with the execution.

HOW IT WORKS

       In a nutshell, privbind works by starting two processes. One drops  privileges  and  runs  (exec(2))  the
       command,  the other remains as root.  Privbind makes sure to keep a unix domain socket connecting the two
       processes.

       Privbind uses LD_PRELOAD to intercept every call to bind(2) made  by  the  program.  Calls  that  can  be
       completed  non-privileged  are  done  so.   Calls  that require root privileges are forwarded to the root
       process, that carry them out on the program's behalf.

       A more detailed explanation is available in the README file.

BUGS

       privbind  currently  uses  "SOCK_SEQPACKET"  for  communication  between  privileged  and  non-privileged
       processes.  This  socket  type  is only implemented on Linux kernel 2.6.4 and later, which makes privbind
       none portable to older Linux kernels and many other non-Linux platforms.

VERSION

       The version of privbind described by this manual page is 1.0 (June 12, 2007)

       Copyright (C) 2006-2007, Shachar Shemesh plus others. See the AUTHORS file.

       privbind was written by Shachar Shemesh, with contributions from Amos Shapira and Nadav Har'El.

       privbind is free software, released under the GNU General Public License (GPL).  See the COPYING file for
       more information and the exact license terms.

       The latest version of this software can be found in

           http://sourceforge.net/projects/privbind

       Java is a registered trademark of Sun Microsystems.

SEE ALSO

       su(1), sudo(8), capabilities(7), bind(2), setuid(2), ld.so(8), unix(7)