Run FileCatalyst products as a non-root (non-privileged) user on Linux, but make them available on ports lower than 1024 (e.g. 80, 21, 443)
Posted by John Tkaczewski, Last modified by Aly Essa on 04 August 2016 12:01 PM
Products: FileCatalyst Direct (server), Webmail and Workflow

Option 1: Use IPTables

    iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Replace 80 with the low port of your choice and replace 8080 with the actual port the server is listening on.

Option 2: Use authbind.

The authbind package is designed to allow users to bind servers to a low-numbered port. The package is available for most Linux platforms.

Debian Example:

    # apt-get install authbind

Once installed the software is configured via files located beneath /etc/authbind. There are three subdirectories:
The manpage for the authbind program explains how these subdirectories are used. As a simple example, we can allow the user skx to bind to port 80 by running the following commands:

    # touch /etc/authbind/byport/80
    # chown skx:skx /etc/authbind/byport/80
    # chmod 755 /etc/authbind/byport/80

Here we have created a file with the name 80 (which is used to specify that the user may bind to port 80). This file is executable by the user skx, which is sufficient for the user to bind to port 80 if they prefix their command with authbind.
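
An added example (not from the original article or from FileCatalyst): authbind authorises a bind when the byport file is executable by the calling user according to access(2), so mode 755 lets every local user bind that port, not only the file's owner. The helpers below grant a port with owner-only execute (mode 500) and list entries that group or other can execute; AUTHBIND_DIR, grant_port and audit_ports are names chosen for this example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: grant and audit authbind byport permissions (GNU stat assumed).
# AUTHBIND_DIR can be overridden to try the functions on a scratch directory.
AUTHBIND_DIR="${AUTHBIND_DIR:-/etc/authbind}"

# grant_port USER PORT: let only USER bind PORT through authbind.
grant_port() {
    gp_user=$1 gp_port=$2
    case $gp_port in
        ''|*[!0-9]*|0*) echo "bad port: $gp_port" >&2; return 2 ;;
    esac
    if [ "$gp_port" -lt 1 ] || [ "$gp_port" -gt 1023 ]; then
        echo "not a privileged port: $gp_port" >&2; return 2
    fi
    gp_file="$AUTHBIND_DIR/byport/$gp_port"
    mkdir -p "$AUTHBIND_DIR/byport" || return 1
    touch "$gp_file" || return 1
    chown "$gp_user" "$gp_file" || return 1
    chmod 500 "$gp_file"          # owner-only execute; 755 would admit everyone
}

# audit_ports: print "PORT OWNER MODE" for each byport entry that group or
# other may execute. Returns 1 if any such entry exists, 0 otherwise.
audit_ports() {
    ap_rc=0
    for ap_file in "$AUTHBIND_DIR"/byport/*; do
        [ -f "$ap_file" ] || continue
        ap_mode=$(stat -c '%a' "$ap_file")
        # Mask the group and other execute bits (octal 011).
        [ $(( 0$ap_mode & 011 )) -ne 0 ] || continue
        echo "${ap_file##*/} $(stat -c '%U' "$ap_file") $ap_mode"
        ap_rc=1
    done
    return $ap_rc
}
```

Run as root, `grant_port skx 80` replaces the three commands above, and `audit_ports` reports any port file still left at a mode such as 755.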