EnglishFrenchSpanish

OnWorks favicon

privbind - Online in the Cloud

Run privbind in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command privbind that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


privbind - allow an unprivileged application to bind with reserved ports.

SYNOPSIS


privbind -u user [ -g group] [ -n num] [ -l path] command [ arguments ... ]

DESCRIPTION


Normally in Linux, only a superuser process can bind an Internet domain socket with a
reserved port (port numbers less than 1024). Accordingly, server processes are typically
run with superuser privileges, which can be dropped after binding the reserved port.

privbind can execute an application as an unprivileged user with just one extra privilege:
it can bind to reserved ports.

privbind is useful in several situations. It can be used when the application is not
trusted enough; It can be used when the server is written in a language without the
setuid(2) feature (e.g., Java(TM)); It can also be used to run applications which don't
manipulate their own user id and need to be able to bind to a reserved port without
needing any other root privileges.

OPTIONS


-u The -u option is mandatory, and specifies under which user to run the given
command. The user can be specified using either a username or a numeric user id.
It should be an unprivileged (non-root) user.

-g Specifies the group to switch to when running the given command. If this option is
missing, then the given user's default group is used.

-n privbind's default behaviour is to allow the application to call bind(2) with
reserved ports an unlimited number of times. In order to do that (see "HOW IT
WORKS" below), the privbind helper process needs to wait for the application to
exit before it terminates.

The -n num option tells privbind that it can assume that only num binds need to be
given elevated privileges. After this number of bind(2) calls have been executed,
privbind's helper process will exit, leaving behind only the unprivileged
application running.

-l Mostly for internal use during build. Gives the explicit path to the LD_PRELOAD
library.

-h Shows a short help screen, and exits.

EXIT STATUS


Using technical jargon, privbind execs command as its main process, running itself in the
background (as a child of the application's process). The practical upshot of this, in
layman's terms, is that the user never sees privbind's exit status. When running privbind,
the process will exit whenever, and with whatever exit status, command does.

The above point should be particularly noted when using privbind to run daemons.

SECURITY CONSIDERATIONS


privbind has no SUID parts, and runs within the confines of a single process. This serves
to minimize the security implications of using it. It is strongly advised that privbind
not be made SUID, as this would allow any user that can run it to run any process as any
other (non-root) user. At the moment privbind detects such a situation and warns about it,
but will continue with the execution.

HOW IT WORKS


In a nutshell, privbind works by starting two processes. One drops privileges and runs
(exec(2)) the command, the other remains as root. Privbind makes sure to keep a unix
domain socket connecting the two processes.

Privbind uses LD_PRELOAD to intercept every call to bind(2) made by the program. Calls
that can be completed non-privileged are done so. Calls that require root privileges are
forwarded to the root process, that carry them out on the program's behalf.

A more detailed explanation is available in the README file.

Use privbind online using onworks.net services


Free Servers & Workstations

Download Windows & Linux apps

  • 1
    rEFInd
    rEFInd
    rEFInd is a fork of the rEFIt boot
    manager. Like rEFIt, rEFInd can
    auto-detect your installed EFI boot
    loaders and it presents a pretty GUI
    menu of boot option...
    Download rEFInd
  • 2
    ExpressLuke GSI
    ExpressLuke GSI
    This SourceForge download page was to
    grant users to download my source built
    GSIs, based upon phhusson's great
    work. I build both Android Pie and
    Android 1...
    Download ExpressLuke GSI
  • 3
    Music Caster
    Music Caster
    Music Caster is a tray music player
    that lets you cast your local music to a
    Google Cast device. On the first run,
    you will need to click the arrow in your
    tas...
    Download Music Caster
  • 4
    PyQt
    PyQt
    PyQt is the Python bindings for
    Digia's Qt cross-platform
    application development framework. It
    supports Python v2 and v3 and Qt v4 and
    Qt v5. PyQt is avail...
    Download PyQt
  • 5
    Sardi
    Sardi
    Sardi is a complete restyling and
    optimisation of svg code. 6 choices for
    your applications and 10 kind of folders
    to use in your file manager. The sardi
    icons...
    Download Sardi
  • 6
    LMMS Digital Audio Workstation
    LMMS Digital Audio Workstation
    LMMS is a free cross-platform software
    which allows you to produce music with
    your computer. If you like this project
    consider getting involved in the project
    h...
    Download LMMS Digital Audio Workstation
  • More »

Linux commands

  • 1
    a2query
    a2query
    a2query - retrieve runtime
    configuration from a local Apache 2 HTTP
    server ...
    Run a2query
  • 2
    a2x
    a2x
    a2x - A toolchain manager for AsciiDoc
    (converts Asciidoc text files to other
    file formats) ...
    Run a2x
  • 3
    crlutil
    crlutil
    crlutil - List, generate, modify, or
    delete CRLs within the NSS security
    database file(s) and list, create,
    modify or delete certificates entries in
    a particul...
    Run crlutil
  • 4
    crm
    crm
    Use crm online using onworks.net
    services. ...
    Run crm
  • 5
    FvwmProxy
    FvwmProxy
    FvwmProxy - the fvwm proxy module ...
    Run FvwmProxy
  • 6
    FvwmRearrange
    FvwmRearrange
    FvwmRearrange - rearrange fvwm windows ...
    Run FvwmRearrange
  • More »

Ad