I wrote a tiny "sockfs" filesystem last year which lets you set
owner, group and permissions on privileged sockets. If slapd is the
username under which you're running the slapd LDAP daemon (for
example) then you do
  insmod sockfs.o
  mount -t sockfs sockfs /sock
  chown slapd /sock/389
The write permission bit (and owner and group) set on each /sock/n
determines who can bind to port n. Other permission bits are ignored.
I mailed it uuencoded to linux-kernel last September since it's so
small (6K), but I've now also made it available from
ftp://ftp.ox.ac.uk/pub/linux/sockfs-a1.tar.gz
It's only for 2.0 but it should be easy enough to port to 2.1.
The only kernel patch involved is the addition of a prot_sock_ok
function pointer (which the sockfs filesystem module reassigns)
and the important part is just:
if (snum == 0)
snum = get_new_socknum(sk->prot, 0);
+ if (prot_sock_ok)
+ return prot_sock_ok(AF_INET, snum);
if (snum < PROT_SOCK && !suser())
return(-EACCES);
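Review bot: the added `return prot_sock_ok(AF_INET, snum);` returns from the bind routine whenever the hook is installed, for every port and whatever the hook answers, so a permitted bind (hook returning 0) would leave the function at this point if the rest of the bind path follows this check, and the `if (snum < PROT_SOCK && !suser())` test below it is never reached once the module is loaded. Suggest returning only on denial, e.g. `if (prot_sock_ok) { int err = prot_sock_ok(AF_INET, snum); if (err) return err; }`, and documenting that an installed hook is then the sole gate for privileged ports, so the module itself must fall back to the suser() rule for ports that have no /sock/n entry.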
--Malcolm
-- 
Malcolm Beattie <mbeattie@sable.ox.ac.uk>
Unix Systems Programmer
Oxford University Computing Services
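As an added illustration (this is not Malcolm's module and not code from the post), the following user-space C program models the bind rule the post describes: each /sock/n is represented by a constructed struct carrying the owner, group and mode of that entry, and only the write bits are consulted to decide whether a given uid/gid may bind to port n. The uids, the table contents, the root override and the fall-back for ports that have no /sock/n entry (the classic root-only rule for ports below PROT_SOCK) are assumptions made for the example, not statements from the post.

```c
/* User-space model of the sockfs bind-permission rule. Added example, not
 * the sockfs module itself: the real check runs inside the kernel bind path
 * through the prot_sock_ok hook. Here an inode of /sock/n is a struct and
 * the calling process is a (uid, gid) pair. */
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

#define PROT_SOCK 1024          /* first unprivileged port, as in the kernel */

/* Constructed stand-in for the inode of /sock/n: the fields the post says
 * matter (owner, group, permission bits). */
struct sock_entry {
    unsigned short port;
    uid_t          uid;
    gid_t          gid;
    mode_t         mode;
};

/* Hypothetical uids/gids for the illustration. */
#define UID_SLAPD 1000
#define GID_SLAPD 1000
#define UID_OTHER 1001
#define GID_OTHER 1001

/* Constructed /sock contents: 389 after "chown slapd /sock/389" (mode 0600),
 * 636 owned by root but group-writable for slapd's group (0620), 25 root-only.
 * Ports without an entry fall back to the classic rule in bind_check(). */
static const struct sock_entry sock_table[] = {
    { 389, UID_SLAPD, GID_SLAPD, 0600 },
    { 636, 0,         GID_SLAPD, 0620 },
    {  25, 0,         0,         0600 },
};

static const struct sock_entry *lookup(unsigned short port)
{
    size_t i;
    for (i = 0; i < sizeof sock_table / sizeof sock_table[0]; i++)
        if (sock_table[i].port == port)
            return &sock_table[i];
    return NULL;
}

/* Unix-style write check over the entry: owner bit if the caller owns it,
 * group bit if the caller is in its group, otherwise the "other" bit. Only
 * the write bits are consulted; read/execute bits are ignored, as the post
 * says. Root keeping its override is an assumption of this example. */
static int write_allowed(const struct sock_entry *e, uid_t uid, gid_t gid)
{
    if (uid == 0)
        return 1;
    if (uid == e->uid)
        return (e->mode & S_IWUSR) != 0;
    if (gid == e->gid)
        return (e->mode & S_IWGRP) != 0;
    return (e->mode & S_IWOTH) != 0;
}

/* Models the decision a prot_sock_ok-style hook would make for an inet bind:
 * 0 if (uid, gid) may bind to port, -EACCES otherwise. */
int bind_check(unsigned short port, uid_t uid, gid_t gid)
{
    const struct sock_entry *e = lookup(port);

    if (e == NULL) {
        /* No /sock/n entry: assume the original kernel rule applies, i.e.
         * privileged ports are root-only and the rest are open to anyone. */
        if (port < PROT_SOCK && uid != 0)
            return -EACCES;
        return 0;
    }
    return write_allowed(e, uid, gid) ? 0 : -EACCES;
}

int main(void)
{
    printf("slapd -> 389:  %d\n", bind_check(389, UID_SLAPD, GID_SLAPD));
    printf("slapd -> 636:  %d\n", bind_check(636, UID_SLAPD, GID_SLAPD));
    printf("other -> 389:  %d\n", bind_check(389, UID_OTHER, GID_OTHER));
    printf("other -> 25:   %d\n", bind_check(25, UID_OTHER, GID_OTHER));
    printf("other -> 80:   %d\n", bind_check(80, UID_OTHER, GID_OTHER));
    printf("other -> 8080: %d\n", bind_check(8080, UID_OTHER, GID_OTHER));
    return 0;
}
```

The point the model makes visible is the one the post's chown example relies on: once an entry exists for a port, the decision is purely the file's write bits against the caller's identity, so an entry left world-writable (mode 0622, say) opens that privileged port to every local user, which is worth checking with a plain `ls -l /sock` after setup.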