Why can't a non-root user use ports less than 1024?

D

DVoropaev2018-07-25 09:33:32

Network administration

DVoropaev, 2018-07-25 09:33:32

I study the manual for Wowza Streaming Engine.
Found this note there:

Note
For security reasons, the non-root user can't bind to port numbers less-than or equal to 1024 on most
Linux and Unix distributions. If you plan to run the Wowza Streaming Engine server on a lowernumbered
ports such as 80 (HTTP), 443 (HTTPS, RTMPS), or 554 (RTSP), the server must continue
to run as the root user.

Note
For security reasons, a non-root user cannot bind to port numbers less than or equal to 1024 on most
Linux and Unix. If you plan to run the Wowza Streaming Engine server on lower
ports such as 80 (HTTP), 443 (HTTPS, RTMPS) or 554 (RTSP), the server must continue
to run as root

Why such considerations?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

M

m0nym, 2018-07-25
@m0nym

Historically.
It's like a service

P

pfg21, 2018-07-25
@pfg21

protection from the fool.
on ports below 1024 hang many network maintenance and support services and a third-party program (read a virus or a trojan) that has gained access to them can seriously change the network.
therefore, programs from a simple user (the basic source of viruses on the workstation) are not allowed to "system" ip-ports, as well as to other vital OS functionality.

I

Ilya Zelenchuk, 2018-07-25
@zelenchuk

Basic Internet services are running on ports <1024. To prevent a non-root user from accidentally running his web server, DNS, mail or other service on the service server, this restriction was introduced. Otherwise, by giving a non-root user access to the server, he will be able to run his own SMTP / POP3 and / or DNS, etc. server and serve users on behalf of your server.