UNIX and ports < 1024

This article was first written in May 2005 for the BeezNest technical
website (http://glasnost.beeznest.org/articles/262).

On UNIX, the ports < 1024 are accessible to user root only.

That has many implications, as then most standard networked servers have to start as root anyway, because they use well-known ports (like HTTP, SMTP, POP, IMAP, FTP, …).

To reduce the risk, most of them then start as root, open the port(s) they need and then change to another user. For example, Apache does it like this.

It's only fair to share...Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on TumblrEmail this to someone

Leave a Reply

Your email address will not be published. Required fields are marked *