Re: www user than root
From: Jeremie Le Hen (jeremie_at_le-hen.org)
Date: 06/23/05
- Previous message: Maxim Konovalov: "Re: www user than root"
- In reply to: Abu Khaled: "Re: www user than root"
- Next in thread: Jeremie Le Hen: "Re: www user than root"
- Reply: Jeremie Le Hen: "Re: www user than root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 23 Jun 2005 15:30:02 +0200 To: Abu Khaled <khaled.abu@gmail.com>
Hi Khaled,
> Is it a good idea to run daemons on non privileged ports as a normal
> user (eg. www) then have natd or a firewall redirect the traffic
> targetting the privileged port.
>
> For example:
>
> A web server running as user www on port 8000.
> IPFW, IPNAT, PF or NATD redirecting port 80 to port 8000.
>
> Is such a soloution a good idea?
> I read in man natd that one can redirect traffic comming on the
> gateway on port 80 to one or many servers running daemons on non
> privileged ports.
Yes it might be a good idea, but again, it depends on your security
requirements : any user is able to bind port 8000, so if you have
other users on the system, this may not be something to avoid.
But FWIW, this would totally remove the need to make a privileged part
in your application.
Regards,
-- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Maxim Konovalov: "Re: www user than root"
- In reply to: Abu Khaled: "Re: www user than root"
- Next in thread: Jeremie Le Hen: "Re: www user than root"
- Reply: Jeremie Le Hen: "Re: www user than root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
