Run FileCatalyst products as a non-root (non-privileged) user on Linux while making them available on ports lower than 1024 (e.g. 80, 21, 443)
Posted by John Tkaczewski, Last modified by Aly Essa on 04 August 2016 12:01 PM

Products: FileCatalyst Direct (server), Webmail and Workflow

Option 1: 

Use iptables

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Replace 80 with the low port of your choice, and replace 8080 with the port the server is actually listening on.

Option 2:

Use authbind. The authbind package is designed to allow non-root users to bind servers to low-numbered ports. The package is available for most Linux platforms.

Debian Example:

root@lappy:~# apt-get install authbind

Once installed, the software is configured via files located beneath /etc/authbind. There are three subdirectories:

  • /etc/authbind/byport
  • /etc/authbind/byuid
  • /etc/authbind/byaddr

The authbind manpage explains how these subdirectories are used. As a simple example, we can allow the user skx to bind to port 80 by running the following commands:

root@lappy:~# touch /etc/authbind/byport/80
root@lappy:~# chown skx:skx /etc/authbind/byport/80
root@lappy:~# chmod 500 /etc/authbind/byport/80

Here we have created a file named 80, which controls who may bind to port 80. authbind authorises the bind for any user who is able to execute this file, so mode 500 (execute for the owner only) limits the grant to skx; a mode such as 755 would let every local user bind to the port. With the file in place, skx can bind to port 80 by prefixing the command with authbind.
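
To check which users the files under /etc/authbind/byport really authorise, the following added example (not part of the original article) reports the widest class of users holding the execute bit on each file. The function name audit_byport and the temporary demo directory are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit authbind byport grants.
# authbind permits bind() when /etc/authbind/byport/<port> is executable by
# the calling user (per access(2)), so group/other execute bits widen the
# grant beyond the file's owner. Assumes GNU stat (stat -c), as on Linux.

# audit_byport [DIR]
# Prints "<port> <class> <who>" per file; returns 1 if any file is
# executable by "other", meaning any local user can bind to that port.
audit_byport() {
    ab_dir=${1:-/etc/authbind/byport}
    ab_rc=0
    for ab_file in "$ab_dir"/*; do
        [ -f "$ab_file" ] || continue
        ab_port=${ab_file##*/}
        ab_mode=$(stat -c '%a' "$ab_file")    # octal mode, e.g. 755
        ab_user=$(stat -c '%U' "$ab_file")
        ab_group=$(stat -c '%G' "$ab_file")
        if [ $(( 0$ab_mode & 0001 )) -ne 0 ]; then
            echo "$ab_port WORLD any-local-user"
            ab_rc=1
        elif [ $(( 0$ab_mode & 0010 )) -ne 0 ]; then
            echo "$ab_port GROUP $ab_group"
        elif [ $(( 0$ab_mode & 0100 )) -ne 0 ]; then
            echo "$ab_port OWNER $ab_user"
        else
            echo "$ab_port NONE -"
        fi
    done
    return $ab_rc
}

# Constructed demo: a temporary directory stands in for /etc/authbind/byport.
demo_dir=$(mktemp -d)
touch "$demo_dir/80" "$demo_dir/443" "$demo_dir/21"
chmod 755 "$demo_dir/80"     # execute bit for owner, group and other
chmod 500 "$demo_dir/443"    # execute bit for the owner only
chmod 644 "$demo_dir/21"     # no execute bit: nobody is authorised
audit_byport "$demo_dir" || echo "world-executable grant found"
rm -rf "$demo_dir"
```

Run it as root against the real directory with no argument; a WORLD line means the port is open to every local account that can run authbind.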