Socket access to low numbered ports?

John Burton wrote:

Has anyone got any suggestion on the best way to allow my program to
listen on those socket without runing as root when doing anything else?
Ideally I want this to be portable so the same program still runs on
windows.

The standard practice is to make the program setuid, be root just long
enough to bind to the socket, then change to an unprivileged user (like
"daemon"). The idea is to run as little code as root as possible.

You can make a program suid root like this:

# chown root.root myprog.py
# chmod a+s myprog.py

And you can change users in Python like this:

----------------
import os
os.setreuid(2, 2)
----------------

UID 2 is normally the daemon user. If you want to use a different user
you can refer to the /etc/passwd file.

You may also want to run as the user who spawned the program in the
first place:

----------------
import os
uid = os.getuid() # Gets the "real" UID

# Do your socket binding

os.setreuid(uid, uid)
----------------

Hope this helps.

Dan Boitnott
da*@lclinux.org

Dan Boitnott wrote:

John Burton wrote:

Has anyone got any suggestion on the best way to allow my program to
listen on those socket without runing as root when doing anything else?
Ideally I want this to be portable so the same program still runs on
windows.

The standard practice is to make the program setuid, be root just long
enough to bind to the socket, then change to an unprivileged user (like
"daemon"). The idea is to run as little code as root as possible.

You can make a program suid root like this:

# chown root.root myprog.py
# chmod a+s myprog.py

And you can change users in Python like this:

----------------
import os
os.setreuid(2, 2)
----------------

UID 2 is normally the daemon user. If you want to use a different user
you can refer to the /etc/passwd file.

You may also want to run as the user who spawned the program in the
first place:

----------------
import os
uid = os.getuid() # Gets the "real" UID

# Do your socket binding

os.setreuid(uid, uid)
----------------

Hope this helps.

Well it does - thanks for that - except that setting the set uid bit on
the script doesn't seem to actually work. This is on gentoo linux.

John Burton wrote:

Dan Boitnott wrote:

> John Burton wrote:
>

Well it does - thanks for that - except that setting the set uid bit on
the script doesn't seem to actually work. This is on gentoo linux.

Indeed it doesn't. You have to use a wrapper of some sort. Google should
help you on finding one.

Tuure Laurinolli wrote:

John Burton wrote:

Dan Boitnott wrote:

> John Burton wrote:
> Well it does - thanks for that - except that setting the set uid

bit on
the script doesn't seem to actually work. This is on gentoo linux.

Indeed it doesn't. You have to use a wrapper of some sort. Google should
help you on finding one.

Ok, I'm now using sudo to launch the application which just opens the
listening sockets and then calls os.setuid to set the uid back to an
unprivilaged account.

It seems to work fine.

Thanks for the help.

John Burton <jo*********@jbmail.com> writes:

Ok, I'm now using sudo to launch the application which just opens the
listening sockets and then calls os.setuid to set the uid back to an
unprivilaged account.

That's how Apache does it too, more or less. Another method under
Linux is have a separate process that opens the low ports, and use an
AF_UNIX socket to pass the low ports back to your application through
ancillary messages. That requires a patch to the socket module, which
I'll see about coding up. I currently have a Sourceforge bug
(#815869) open for it.

Paul Rubin wrote:

John Burton <jo*********@jbmail.com> writes:

Ok, I'm now using sudo to launch the application which just opens the
listening sockets and then calls os.setuid to set the uid back to an
unprivilaged account.

That's how Apache does it too, more or less. Another method under
Linux is have a separate process that opens the low ports, and use an
AF_UNIX socket to pass the low ports back to your application through
ancillary messages. That requires a patch to the socket module, which
I'll see about coding up. I currently have a Sourceforge bug
(#815869) open for it.

The advantage of the original approach is that I want this to be
portable back to windows and the code can be the same except that it
doesn't do the the os.setuid on windows. This idea, while interesting,
would be harder to make portable I think.