Opening port 502 for non-root user

Support for security such as Firewalls and securing linux
noname
Posts: 1
Joined: 2015/07/30 09:49:09

Opening port 502 for non-root user

Post by noname » 2015/07/30 10:03:34

Hello everyone,

This is my first post here, so thank you in advance for your help.

I'm running a datalogging software on a CentOS server (no GUI, just console) with a user which is not the root. Now I need to be able to access this server remotely through port 502 (it has to be this port) to read data from the software, however this is not happening since it appears to be blocked. CentOS blocks any port lower than 1023 as far as I understand.

Is there any way I could enable this user to have root privileges? I have been looking around but can't seem to find a solution. At the moment IPTABLES and Firewall are disabled so that should not be a problem.

Options I found so far are:
Authbind (couldn't find a CentOS 7 version)
CAP_NET_BIND_SERVICE (don't really understand how it works and read that it could have problems with libraries?)

Haven't tried any of them yet because I'm not really sure if they will work and I don't want to mess up the server by doing trial and error.

Any help will be appreciated and thank you again for the help.

Cheers!

TrevorH
Site Admin
Posts: 33219
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Opening port 502 for non-root user

Post by TrevorH » 2015/07/30 12:42:22

All ports except 22 (ssh) are blocked by the default iptables firewall setup. If you need other ports open then you need to amend the iptables rules to allow them. The default CentOS 7 install uses firewalld to manage the rules and you manipulate them using the firewall-cmd command.

It's not "CentOS" that stops non-root apps from opening ports < 1024, it's linux and all unixes in general. However opening the port is not the same thing as opening the port in the firewall. Many apps start as root so that they can open ports < 1024 and then switch to non-root users once the port is open. You'd still need to open the port in the firewall in this case though.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

jensd
Posts: 36
Joined: 2014/07/08 12:23:09

Re: Opening port 502 for non-root user

Post by jensd » 2015/07/31 08:20:39

As TrevorH mentioned, only root can bind to ports <1024 under Linux, by design.

If your datalogging software can't drop privileges after starting (like Apache does for example), you'll need to find a workaround.
Depending on the type of traffic to the software, you could consider proxying the traffic through Apache.

Another option is to bind on a port >1024 and to do a port-forward with iptables.
For example, let your software listen on port 2000 and configure iptables to forward all incoming traffic on port 502->2000.

A more clean option would be to use xinetd and let xinetd control your service (and listening port). More information: http://linuxpoison.blogspot.be/2010/01/ ... under.html
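The three approaches raised in this thread (TrevorH's point that the firewall rule is separate from the privileged-port restriction, jensd's port-forward from 502 to a high port, and the CAP_NET_BIND_SERVICE option the original poster found), collected as shell functions in one added example. This is not code from any poster; it assumes a CentOS 7 box with firewalld, iptables and the libcap tools installed, treats 2000 as the high port and /opt/datalogger/bin/logger as a placeholder path for the logging binary, and adds a check of the calling shell's own effective capability set by parsing the CapEff line of /proc/self/status.

```shell
#!/bin/sh
# Added example, not from the forum thread. Placeholder binary path and
# port numbers are assumptions; adjust them for the real datalogger.
set -u

# Capability number of CAP_NET_BIND_SERVICE (see capabilities(7)).
CAP_NET_BIND_SERVICE=10

# Print "yes" if bit $2 is set in the 64-bit hex capability mask $1,
# which is the format of the CapEff/CapPrm lines in /proc/<pid>/status.
cap_in_mask() {
    mask=$1
    bit=$2
    if [ "$(( (0x$mask >> $bit) & 1 ))" -eq 1 ]; then
        echo yes
    else
        echo no
    fi
}

# Print "yes" if the calling process could bind a port below 1024
# without being root, i.e. CAP_NET_BIND_SERVICE is in its effective set.
has_net_bind_service() {
    capeff=$(awk '/^CapEff:/ {print $2}' /proc/self/status)
    cap_in_mask "$capeff" "$CAP_NET_BIND_SERVICE"
}

# Approach 1 (TrevorH): allow 502/tcp through firewalld. This does not
# touch the bind restriction; it only lets remote clients reach the port.
open_firewall_port() {
    port=${1:-502}
    firewall-cmd --permanent --add-port="${port}/tcp" &&
    firewall-cmd --reload
}

# Approach 2 (jensd): the logger listens on an unprivileged port and the
# kernel redirects 502 to it. PREROUTING only sees packets arriving from
# other hosts; a matching nat OUTPUT rule covers clients on the box itself.
redirect_port() {
    from=${1:-502}
    to=${2:-2000}
    iptables -t nat -A PREROUTING -p tcp --dport "$from" -j REDIRECT --to-ports "$to" &&
    iptables -t nat -A OUTPUT -o lo -p tcp --dport "$from" -j REDIRECT --to-ports "$to"
}

# Approach 3 (CAP_NET_BIND_SERVICE): grant just the one capability on the
# executable file instead of running the whole logger as root.
grant_net_bind_service() {
    bin=${1:-/opt/datalogger/bin/logger}   # placeholder path (assumption)
    setcap 'cap_net_bind_service=+ep' "$bin" && getcap "$bin"
}

# Stand-alone run: report whether this shell could already bind port 502.
if [ -r /proc/self/status ]; then
    echo "effective CAP_NET_BIND_SERVICE in this shell: $(has_net_bind_service)"
fi
```

Two caveats for the setcap route, since the original post asked about it: the capability is attached to the file, so it is lost whenever the binary is replaced by an update, and it cannot be put on a script (the interpreter would need it instead). The "problems with libraries" the poster read about come from the dynamic loader treating a binary with file capabilities as a secure-execution program, so environment variables such as LD_LIBRARY_PATH and LD_PRELOAD are ignored for it. For the iptables route, note that on a CentOS 7 host where firewalld is active, rules added directly with iptables do not survive a firewalld reload; the equivalent persistent form is firewall-cmd --permanent --add-forward-port=port=502:proto=tcp:toport=2000.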
