4

I want to run a one-time web server on port 80, which I will never run again.

Is there something like 'sudo' that gives only temporary CAP_NET_BIND_SERVICE, not real root, to a process? So that we don't have to use chmod or setcap.

  • 2
    I’m not sure this is satisfactory for you (it needs to run as root, before dropping capabilities and changing users), but capsh allows you to construct a specific set of capabilities before starting a program. – Stephen Kitt Oct 26 '19 at 11:01
  • fakeroot might be what you're searching for – Sir Muffington Oct 26 '19 at 11:44
  • A new project ( https://github.com/SamerW/RootAsRole ) seems to match your need – EchoMike444 Oct 26 '19 at 20:48
  • For a different method specific to binding a socket to a privileged port for non-root daemons, usually available on Debian-like OSes (but usually not packaged for RHEL-like OSes), there's authbind: it transparently (LD_PRELOAD) loads a helper which replaces the bind() call by executing it through a forked suid root binary helper which will do the actual bind() on the shared (socket) file descriptor. – A.B May 21 '20 at 00:34
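
Whichever launcher from the comments is used (capsh, for instance), it is worth checking afterwards that the server really runs non-root with nothing beyond CAP_NET_BIND_SERVICE. The following is an added example, not part of the original thread: it audits the `Uid` and `Cap*` lines of a `/proc/<pid>/status` dump. The function names and the two sample dumps are constructed for illustration.

```python
import re

# Bit numbers from <linux/capability.h>; only a subset is named here.
CAP_NAMES = {0: "cap_chown", 1: "cap_dac_override", 6: "cap_setgid",
             7: "cap_setuid", 8: "cap_setpcap", 10: "cap_net_bind_service",
             12: "cap_net_admin", 21: "cap_sys_admin"}
# CapBnd is a ceiling on what can be gained, not held privilege: not checked.
CHECKED_SETS = ("CapInh", "CapPrm", "CapEff", "CapAmb")

def decode(mask):
    """Turn a capability bitmask into a sorted list of capability names."""
    return sorted(CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if mask >> b & 1)

def parse_status(text):
    """Extract the effective uid and the Cap* masks from a status dump."""
    fields = dict(re.findall(r"^(\w+):[ \t]*(.*)$", text, re.M))
    caps = {k: int(fields[k], 16) for k in CHECKED_SETS if k in fields}
    euid = int(fields["Uid"].split()[1]) if "Uid" in fields else None
    return euid, caps

def audit(text, wanted="cap_net_bind_service"):
    """Return a list of findings; an empty list means least privilege holds."""
    euid, caps = parse_status(text)
    findings = []
    if euid is None or euid == 0:
        findings.append("effective uid is root or unknown")
    for name in CHECKED_SETS:
        if name not in caps:
            findings.append(f"{name} missing from status")
            continue
        extra = [c for c in decode(caps[name]) if c != wanted]
        if extra:
            findings.append(f"{name} holds {len(extra)} extra capabilities")
    if wanted not in decode(caps.get("CapEff", 0)):
        findings.append(f"CapEff lacks {wanted}")
    return findings

# Constructed sample dumps (not captured from a real system).
DROPPED = ("Name:\tpython3\nUid:\t65534\t65534\t65534\t65534\n"
           "CapInh:\t0000000000000400\nCapPrm:\t0000000000000400\n"
           "CapEff:\t0000000000000400\nCapBnd:\t000001ffffffffff\n"
           "CapAmb:\t0000000000000400\n")
ROOT = ("Name:\tpython3\nUid:\t0\t0\t0\t0\n"
        "CapInh:\t0000000000000000\nCapPrm:\t000001ffffffffff\n"
        "CapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n"
        "CapAmb:\t0000000000000000\n")

if __name__ == "__main__":
    with open("/proc/self/status") as fh:  # audit the current process
        print(audit(fh.read()) or "only cap_net_bind_service, non-root")
```

To audit the running server instead of the script itself, pass the contents of `/proc/<pid>/status` for its PID to `audit()`.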

0 Answers