1 .\" Hey, Emacs! This is an -*- nroff -*- source file.
2 .\" Authors: Ian Jackson
4 .\" authbind is Copyright (C) 1998 Ian Jackson
6 .\" This program is free software; you can redistribute it and/or modify
7 .\" it under the terms of the GNU General Public License as published by
8 .\" the Free Software Foundation; either version 2, or (at your option)
11 .\" This program is distributed in the hope that it will be useful,
12 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
13 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 .\" GNU General Public License for more details.
16 .\" You should have received a copy of the GNU General Public License
17 .\" along with this program; if not, write to the Free Software Foundation,
18 .\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 .TH AUTHBIND 1 "30th August 1998" "Debian Project" "Debian Linux manual"
24 authbind \- bind sockets to privileged ports without root
27 .RI [ options "] " program " [" argument " ...]"
30 allows a program which does not or should not run as root to bind to
31 low-numbered ports in a controlled way.
33 You must invoke the program using
34 .BR authbind ". " authbind
35 will set up some environment variables, including an
37 which will allow the program (including any subprocesses it may run)
38 to bind to low-numbered (<512) ports if the system is configured to
45 arranges for only the program which it directly invokes to be affected
46 by its special version of
50 then all programs which that program invokes directly or indirectly
51 will be affected, so long as they do not unset the environment
58 to affect programs which are
60 deep in the calling graph. The default is
63 Access to low numbered ports is controlled by permissions and contents
64 of files in a configuration area,
68 .BR /etc/authbind/byport/ [ ! ]\fIport\fR
69 is tested. If this file is accessible for execution to the calling
72 then binding to the port is authorised. If the file can be seen not
73 to exist (the existence check returns
75 then further tests will be used to find authorisation; otherwise,
76 binding is not authorised, and the
78 call will return with the
84 .RI ( "Permission denied" ).
86 Secondly, if that test fails to resolve the matter,
87 .BR /etc/authbind/byaddr/ \fIaddr\fR : [ ! ]\fIport\fR
88 is tested, in the same manner as above.
90 Thirdly, if the question is still unresolved, the file
91 .BR /etc/authbind/byuid/ [ ! ]\fIuid\fR
92 will be opened and read. If the file does not exist then the binding
97 .RI ( "Operation not permitted" ", or " "Not owner" ).
98 If the file does exist it will be searched for a line of the form
100 .IB addr4 / length : min\-port , max\-port
101 .IR addrmin [\fB-\fR addrmax ]\fB:\fR min\-port \fB,\fR max\-port
103 matching the request. The first form requires that the initial
107 match those in the proposed
109 call. The second form requires that the address lies in the
110 relevant range (inclusive at both ends). Addresses can
111 be in any form acceptable to inet_pton. In both cases
112 the proposed port number must lie is in the inclusive range
113 specified. If such a line is found then the binding is authorised.
114 Otherwise it is not, and
118 .RI ( "No such file or directory" ).
123 is the (local) TCP or UDP port number, expressed as an unsigned
124 integer in the minimal non-zero number of digits, and
127 is the (local) IP address, as a dotted quad.
129 If a read error occurs, or the directory
131 cannot be accessed, then not only will
133 fail, but an error message will be printed to stderr. Unrecognised
135 .BI /etc/authbind/byuid/ uid
136 files are silently ignored (as are lines whose
138 has non-zero bits more than
142 Authorising binding to ports from 512 to 1023 inclusive is
143 not recommended. Some protocols (including some versions of NFS)
144 authorise clients by seeing that they are using a port number in this
145 range. So by authorising a program to be a server for such a port,
146 you are also authorising it to impersonate the whole host for those
147 protocols. To make sure that this isn't done by accident,
148 if the port number requested is in the range 512-1023, all the files
149 checked and read will have the additional
153 The shared library loaded using
157 system call. When a program invoked via
161 to bind a socket to a low-numbered TCP/IP port, and if the program
162 doesn't already have an effective uid of 0, the version of
166 forks and executes a setuid-root helper program. For non-TCP/IP
167 sockets, high-numbered ports, or programs which are already root,
169 passes the call to the original
171 system call, which is found using
177 Usually the normal C error handling mechanisms apply. If
179 cannot find the program it has been asked to execute it will print a
180 message to stderr and exit with code 255.
182 The helper program usually reports back to the shared library with an
183 exit status containing an
185 value which encodes whether the
187 was permitted and successful. This will be returned to the calling
188 program in the usual way.
190 In the case of apparent configuration or other serious errors the
191 library and/or the helper program may cause messages to be printed to
192 the program's stderr, was well as returning -1 from
196 currently only supports IPv4 and IPv6 sockets.
197 Programs which open other kinds
198 of sockets will not benefit from
200 but it won't get in their way.
206 installation specific to a particular C library. This version is for
207 GNU/Linux libc6 (glibc2).
210 may not operate correctly with multithreaded programs. It is
211 inherently very difficult (if not impossible) to perform the kind of
212 trickery that authbind does while preventing all undesirable
213 interactions between authbind's activities and those of (say) a
214 threading runtime system.
216 It is quite possible that
218 and other programs and facilities which use
220 may interfere with each other, causing unpredictable behaviour or even
223 is known sometimes not to work correctly with
225 for example (even supposing it could be determined what `correctly'
226 means in this context).
229 is ineffective with setuid programs, because they do not honour
231 references outside the system directories, for security reasons. (In
232 fact, setuid programs should not honour
235 Of course a setuid-root program does not need
237 but it might be useful to apply it to program which are setuid to
238 another user or setgid. If the author or builder of such a programs
239 wishes it to use authbind they could have it load the
241 library explicitly rather than via
244 Some badly-written programs may have trouble because
246 spawns a child process `under their feet', causing (for example) a
250 signal to be delivered. Programs should not rely on standard
251 libraries not doing these things.
253 The access control configuration scheme is somewhat strange.
254 .SH FILES AND ENVIRONMENT VARIABLES
256 .I /usr/lib/authbind/libauthbind.so.1.0
257 The shared library which
259 causes to be loaded using
261 and which actually implements the diversion of
263 to an external program.
266 The variable used by the dynamic linker when starting dynamically
267 linked programs and deciding which shared libraries to load and
270 program to allow it to override the usual meaning of
276 to use its value as the path to the shared library to put in
278 instead of the compiled-in value. In any case, unless
282 will set this variable to the name of the library actually added to
284 so that the library can find and remove the right entry.
287 This variable is set by
289 to the number of levels left from the
293 option, minus one. It is decremented during
295 by the library on each program call, and the library will remove
298 when it reaches zero. The special value
305 .BR authbind\-helper (8),
310 and this manpage were written by Ian Jackson. They are
312 by him and released under the GNU General Public Licence; there is NO
314 .B /usr/doc/authbind/copyright
316 .B /usr/doc/copyright/GPL