Java
izstas, 2012-07-12 16:46:54

What is the correct way to allow a Java application to listen on a privileged port?

I have a Debian Squeeze server with JRE 7 from Oracle, and a Java application that needs to listen on a few privileged ports (below 1024).
Ways I have tried:

  1. authbind does not support IPv6 and, strangely, only works for ports below 512.
  2. Forwarding via iptables - alas, ip6tables does not support it.
  3. Allowing CAP_NET_BIND_SERVICE via setcap - JRE starts giving an error on startup
    java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory


What other ways are there? The project, of course, is personal and you can run it as root (which I am doing now), but I would like to do it more correctly.


4 answer(s)
YourChief, 2012-07-13

And what about rinetd?

hard0ff, 2012-07-13

Create a separate system user: useradd -r

ivnik, 2012-07-13

You can also compile your own kernel: in the .../include/net/sock.h file, change PROT_SOCK from 1024 to 0.
However, this option is not always possible, and it lowers system security.

johndow, 2012-07-13

I don't know whether it suits you, but you can do it using Commons Daemon. It allows you to start and initialize the application (bind to ports below 1024, for example) as root, and then reset the privileges to the level of the user you need.
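
The init/start split that the Commons Daemon answer describes, as an added example (not code from this thread or from the Commons Daemon project). The class name PrivilegedPortDaemon, the appuser account, the jar names and the pidfile path are assumptions; the Daemon interface and jsvc's -user option are Commons Daemon's own.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import org.apache.commons.daemon.Daemon;
import org.apache.commons.daemon.DaemonContext;

// Hypothetical class and launch line (user, jar names and paths are assumptions):
//   jsvc -user appuser -cp commons-daemon.jar:app.jar -pidfile /var/run/app.pid PrivilegedPortDaemon 80
public class PrivilegedPortDaemon implements Daemon {
    private ServerSocket server;
    private Thread acceptor;
    private volatile boolean running;

    // Called while the process still holds the privilege to bind ports below 1024.
    // Do only the bind here: no request handling, no parsing of untrusted input.
    @Override
    public void init(DaemonContext context) throws IOException {
        String[] args = context.getArguments();
        int port = args.length > 0 ? Integer.parseInt(args[0]) : 80;
        server = new ServerSocket();
        // Wildcard address: covers IPv4 and IPv6 on a dual-stack host.
        server.bind(new InetSocketAddress(port));
    }

    // Called once jsvc has given up that privilege and the process runs as the -user account.
    @Override
    public void start() {
        running = true;
        acceptor = new Thread(this::acceptLoop, "acceptor");
        acceptor.start();
    }

    private void acceptLoop() {
        while (running) {
            try (Socket client = server.accept()) {
                client.getOutputStream().write("ok\n".getBytes(StandardCharsets.US_ASCII));
            } catch (IOException e) {
                if (running) e.printStackTrace(); // an exception after stop() closed the socket is expected
            }
        }
    }

    @Override
    public void stop() throws Exception {
        running = false;
        server.close(); // unblocks accept()
        acceptor.join();
    }
    @Override
    public void destroy() { server = null; }
}
```

The already-bound socket stays usable after the privilege is gone, so all connection handling runs as the unprivileged account.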
