On Thu, Jan 03, 2002 at 08:55:31PM +0900, chulmin wrote:
> I know that only the root account can bind a port below 1024,
> and any user except root can bind or use a port above 1024.

Heh, it isn't that simple, with POSIX.1e capabilities. But, for 99.99%
of all users, it is the case. Just be aware that the capabilities thing
modifies this...

> But the named process uses UDP port 53 with the named uid.
> How can it be possible?
> And is it illegal, or an exception?

named is started as root, binds the port, listens, and then calls
setuid() and setgid() and friends to drop root privs. It still has the
socket descriptor open, and can still call accept() on the socket. Once
it has called the setuid and setgid functions, it is running without
root capabilities.

For more details, check out the manpages for setuid and setgid.

Cheers!

-- 
"I'm not sure which upsets me more: that people are so unwilling
to accept responsibility for their own actions, or that they are
so eager to regulate everyone else's." -- Kee Hinckley


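The bind-then-drop pattern the reply describes, as an added example in C that is not part of the original mail or of BIND itself. It assumes Linux/glibc, a numeric uid/gid on the command line (defaulting to 65534, assumed here to be "nobody"), and, because the port asked about is 53/udp, it serves with recvfrom()/sendto() (accept() only applies to a TCP listening socket). The descriptor bound while root stays open and usable after setuid()/setgid(), and the drop routine checks that root cannot be regained.

```c
/* Added example, not from the original mail: bind a privileged UDP port
   as root, then permanently drop to an unprivileged uid/gid. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Create a UDP socket bound to the given port on all interfaces.
   Ports below 1024 need root (or CAP_NET_BIND_SERVICE); port 0 asks the
   kernel for an ephemeral port, which needs no privilege. Returns -1 on failure. */
static int bind_udp(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Drop root permanently. Order matters: supplementary groups and the gid go
   first, because once the uid is non-zero those calls are refused.
   Returns 0 on success, -1 on failure (including if root can be regained). */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)   /* only root may call this */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify the drop: a non-root target must not be able to become root again,
       and real/effective ids must be exactly what was requested. */
    if (uid != 0 && setuid(0) == 0)
        return -1;                    /* saved uid was still 0: not really dropped */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    unsigned short port = argc > 1 ? (unsigned short)atoi(argv[1]) : 53;
    uid_t uid = argc > 2 ? (uid_t)atoi(argv[2]) : 65534;  /* assumed: nobody */
    gid_t gid = argc > 3 ? (gid_t)atoi(argv[3]) : 65534;  /* assumed: nogroup */

    /* 1. While still root, bind the privileged port. */
    int fd = bind_udp(port);
    if (fd < 0) {
        perror("bind");
        return 1;
    }
    /* 2. Drop root. The already-bound descriptor stays open and usable. */
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("bound udp/%u, now running as uid %u gid %u\n",
           (unsigned)port, (unsigned)getuid(), (unsigned)getgid());

    /* 3. Serve without root: echo one datagram back to its sender. */
    char buf[512];
    struct sockaddr_in peer;
    socklen_t plen = sizeof peer;
    ssize_t n = recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&peer, &plen);
    if (n < 0) {
        perror("recvfrom");
        return 1;
    }
    if (sendto(fd, buf, (size_t)n, 0, (struct sockaddr *)&peer, plen) < 0)
        perror("sendto");
    close(fd);
    return 0;
}
```

Run it as root with `./a.out 53 65534 65534`, then `ss -ulnp` shows the socket owned by a uid 65534 process. Run it unprivileged and bind() fails with EACCES, which is the rule the question started from; the capabilities caveat in the reply is exactly that CAP_NET_BIND_SERVICE lifts that restriction without uid 0.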