Run FileCatalyst products as a non-root (non-privileged) user on Linux while making them available on ports lower than 1024 (e.g. 80, 21, 443)
Posted by John Tkaczewski, Last modified by Aly Essa on 04 August 2016 12:01 PM
Products: FileCatalyst Direct (server), Webmail and Workflow
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
Replace 80 with the low port of your choice and replace 8080 with the actual port the server is listening on.
Use authbind. The authbind package is designed to allow non-root users to bind servers to low-numbered ports. The package is available for most Linux platforms.
# apt-get install authbind
Once installed, the software is configured via files located beneath /etc/authbind. There are three subdirectories:
The man page for the authbind program explains how these subdirectories are used. As a simple example, we can allow the user skx to bind to port 80 by running the following commands:
# touch /etc/authbind/byport/80
# chown skx:skx /etc/authbind/byport/80
# chmod 755 /etc/authbind/byport/80
Here we have created a file with the name 80 (which is used to specify that the user may bind to port 80). This file is executable by the user skx, which is sufficient for that user to bind to port 80, provided they prefix their command with authbind.
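
authbind authorises a bind when the calling user has execute access to /etc/authbind/byport/<port>, so the mode bits on that file decide who else, besides its owner, may bind the port. The audit script below is an added example, not part of the original article; it assumes GNU stat, only checks byport files, and the audit_byport function name and the temporary sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): report who can bind each port
# that authbind grants through its byport directory.

# audit_byport [DIR] prints one line per port file:
#   <port> <owner> <octal-mode> <scope>
# scope is OWNER-ONLY, GROUP, ALL-USERS or NOBODY, taken from the execute bits.
# Returns 1 if any port file is executable by "other", otherwise 0.
audit_byport() {
    dir=${1:-/etc/authbind/byport}
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")      # GNU stat: octal mode, e.g. 755
        owner=$(stat -c '%U' "$f")
        bits=$((0$mode))               # leading 0 makes the value octal
        if [ $((bits & 0001)) -ne 0 ]; then
            scope=ALL-USERS            # every local account can bind this port
            rc=1
        elif [ $((bits & 0010)) -ne 0 ]; then
            scope=GROUP                # owner plus members of the file's group
        elif [ $((bits & 0100)) -ne 0 ]; then
            scope=OWNER-ONLY
        else
            scope=NOBODY               # no execute bit set: grants nothing
        fi
        printf '%s %s %s %s\n' "${f##*/}" "$owner" "$mode" "$scope"
    done
    return $rc
}

# Constructed sample: a 755 file as created in the article, beside an
# owner-only 500 file for comparison. Nothing under /etc is touched.
demo=$(mktemp -d)
touch "$demo/80" "$demo/443"
chmod 755 "$demo/80"
chmod 500 "$demo/443"
audit_byport "$demo" || echo "at least one port is bindable by every local user"
rm -rf "$demo"
```

Run audit_byport with no argument on a real host to check /etc/authbind/byport itself.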