linux
Aristes, 2015-11-27 12:45:02

How to open a port below 1024 in Linux for a normal user?

Good afternoon!
I have a somewhat stupid question.
As you know, ports up to 1024 are reserved, and in this range ordinary (system) users cannot bind ports; only root can, of course.
And the problem is that I have graylog2, which runs under its own user and group without root rights on the system. The syslog port is 514 UDP, and graylog2 cannot open it because it does not have sufficient rights.
Run syslog on another port, you will say, but I have switches whose Remote Syslog settings do not allow the port to be specified... Bummer.
There are 2 options:
1) Run GrayLog2 as its own user but with finely tuned rights.
2) Run GrayLog2 as root.
As for the first option, I don't understand how to do this... Please tell me. Point me to the true path.
As for the second option, everything is clear, but it is too unsafe a solution.
Well, what options do you see... any other ways?
Thanks for your answers.

5 answer(s)
Vlad Zhivotnev, 2015-11-27
@Aristes

setcap 'cap_net_bind_service=+ep' /path/to/graylog/binary
(this must be run as root).

Armenian Radio, 2015-11-27
@gbg

The port redirection method, specifically, is a potentially dangerous crutch - you have made a private entity public.

Oleg Tsilyurik, 2015-11-27
@Olej

How to open a port below 1024 in Linux for a normal user?

Ports up to 1024 are privileged. Only root can work with them. Any indirect tricks will also come down to the fact that you get root rights.

protven, 2015-11-27
@protven

Give sudo rights to the user. Run setuid. There are a lot of options. The most kosher, IMHO, is to give sudo to this user for this particular action.

kpcp, 2021-01-20
@kpcp

The problem is solved by 1 line:
iptables -A PREROUTING -t nat -p udp --dport 514 -j REDIRECT --to-port 5145
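
An added example (not part of any answer on this page): a POSIX shell check that reads the text of /proc/<pid>/status and tells apart the outcomes discussed above: running as root, holding only CAP_NET_BIND_SERVICE as the setcap answer intends, or holding no bind capability and relying on the REDIRECT rule. The function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a process got (or did not get) the right to
# bind ports below 1024, from the text of /proc/<pid>/status.

# Print field number $3 of the "$2:" line in status text $1.
status_field() {
    printf '%s\n' "$1" | awk -v k="$2:" -v n="$3" '$1 == k { print $n }'
}

# Prints one of: root | bind-only | bind-plus-extra | no-bind | unknown
audit_bind_privilege() {
    euid=$(status_field "$1" Uid 3)     # Uid: real effective saved fs
    eff=$(status_field "$1" CapEff 2)   # hex bitmask of effective capabilities
    case "$eff" in
        ''|*[!0-9a-fA-F]*) echo unknown; return 0 ;;
    esac
    mask=$((0x$eff))
    bind_bit=$((1 << 10))               # CAP_NET_BIND_SERVICE is capability 10
    if [ "$euid" = 0 ]; then
        echo root                       # option 2 from the question
    elif [ $((mask & bind_bit)) -eq 0 ]; then
        echo no-bind                    # cannot bind 514 itself; needs the REDIRECT rule
    elif [ "$mask" -eq "$bind_bit" ]; then
        echo bind-only                  # the result the setcap answer aims for
    else
        echo bind-plus-extra            # more privilege than the port requires
    fi
}

# Constructed samples (not captured from a real host).
SAMPLE_SETCAP='Name: java
Uid: 998 998 998 998
CapEff: 0000000000000400'
SAMPLE_ROOT='Name: java
Uid: 0 0 0 0
CapEff: 000001ffffffffff'
SAMPLE_REDIRECT='Name: java
Uid: 998 998 998 998
CapEff: 0000000000000000'

for sample in "$SAMPLE_SETCAP" "$SAMPLE_ROOT" "$SAMPLE_REDIRECT"; do
    audit_bind_privilege "$sample"
done
```

On a live host, pass it the output of `cat /proc/<pid>/status` for the Graylog process; for a JVM service the file capability set by setcap has to be on the java executable that is actually executed.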
