|Installation • Kernel & Hardware • Networks • Portage • Software • System • X Server • Gaming • Non-x86 • Emulators • Misc|
To have working accessfs permission management system and ports below 1024 accessible (bind-able) by non-privileged user.
What's it and what's it for
Accessfs is a virtual filesystem used for permission management. In this HOWTO we'll cover IP port permissions. On usual POSIX systems, ports <1024 are restricted to the superuser only, forcing a daemon to start as a superuser (creating a potential security threat if priviledges aren't dropped properly).
Cool, let's do it
Download the appropriate (= compatible with your kernel) version of accessfs kernel patch from http://www.olafdietsche.de/linux/accessfs/. Now make sure your kernel symlink points to correct version:
ls -l /usr/src/linux
If it's OK, go to that directory and apply the patch you've just downloaded:
zcat /path/to/the/accessfs-patch.gz | patch -p1
If the patch went OK, continue with
make menuconfig code> (or xconfig, oldconfig... whatever you like) and configure the accessfs part like this:
|Linux Kernel Configuration: Accessfs Kernel Modules Config|
File Systems ---> Miscellanenous filesystems ---> <M> Accessfs support (Experimental) <M> User permission based IP ports (1024) Range of protected ports (1024-65536) (NEW) <M> User permission based capabilities
I recommend to compile them as modules, so you can easily turn it on and off and you don't have to reboot. Port range we want to protect can be specified as a module parameter (max_prot_sock) at load time. Now compile these modules and install them, remerge any required module packages as well (alsa-driver, nvidia-kernel, ati-drivers, realtime-lsm... et cetera) and run update-modules:
make modules make modules_install update-modules
Now we should try loading them...
modprobe accessfs modprobe usercaps modprobe userports
Finally, chown a port and try if a user-mode server binds to it.
chown your_username /proc/access/net/ip/bind/PORT foo-server --port PORT
Add these 3 modules to
/etc/modules.autoload.d/kernel-2.6 code> so they load during boot and you're done.
Ports represented by files now reside in /proc/access/net/ip/bind/, you may chmod and chown them as you wish. Your changes will not affect root-based servers, so it's quite indestructive.
Created by NickStallman.net, Luxury Homes Australia
Real estate agents should list their apartments, townhouses and units in Australia.