Date: Thu, 23 Jun 2005 15:30:02 +0200 From: Jeremie Le Hen <jeremie@le-hen.org> To: Abu Khaled <khaled.abu@gmail.com> Cc: freebsd-net@freebsd.org, Darren Pilgrim <dmp@bitfreak.org>, Mrad James Deane <xtremejames183@msn.com> Subject: Re: www user than root Message-ID: <20050623133002.GA738@obiwan.tataz.chchile.org> In-Reply-To: <a64c109e05062306235eac9394@mail.gmail.com> References: <BAY11-F12EF48C9216082BFB35A7B9CEB0@phx.gbl> <000401c577a2$c095b090$0b2a15ac@SMILEY> <20050623131455.GZ738@obiwan.tataz.chchile.org> <a64c109e05062306235eac9394@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Khaled, > Is it a good idea to run daemons on non privileged ports as a normal > user (eg. www) then have natd or a firewall redirect the traffic > targetting the privileged port. > > For example: > > A web server running as user www on port 8000. > IPFW, IPNAT, PF or NATD redirecting port 80 to port 8000. > > Is such a soloution a good idea? > I read in man natd that one can redirect traffic comming on the > gateway on port 80 to one or many servers running daemons on non > privileged ports. Yes it might be a good idea, but again, it depends on your security requirements : any user is able to bind port 8000, so if you have other users on the system, this may not be something to avoid. But FWIW, this would totally remove the need to make a privileged part in your application. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050623133002.GA738>