Very Computer

> A quick question... I am using Redhat Linux 7.x and 8.x. I need to know
> how I can deny users on a server from binding to non-superuser ports
> without interfering with legitimate operations/programs they might need
> to use? Any solution for FreeBSD would be great as well.

> I want to make it so a user can't create a script and use sockets to
> bind to a 1024+ port and run IRC or some script to open a local SMTP
> gateway or run some other chat service or something without my approval.
> Is this simply done with firewalls or is there a specific configuration
> or kernel option to make this impossible for users, without specifically
> allowing them this access somehow?

> This could prevent spending time looking out for this. Please let me
> know if there's any URL's specific to this or any specific formula or
> solution. I thought I saw something about this before on some sites, but
> searching using all the appropriate words and phrases are pulling up a
> lot of irrelevant sites. Thank you.

> TIA -- Tom

> Hi,

> A quick question... I am using Redhat Linux 7.x and 8.x. I need to know
> how I can deny users on a server from binding to non-superuser ports
> without interfering with legitimate operations/programs they might need
> to use? Any solution for FreeBSD would be great as well.

> I want to make it so a user can't create a script and use sockets to
> bind to a 1024+ port and run IRC or some script to open a local SMTP
> gateway or run some other chat service or something without my approval.
> Is this simply done with firewalls or is there a specific configuration
> or kernel option to make this impossible for users, without specifically
> allowing them this access somehow?

> This could prevent spending time looking out for this. Please let me
> know if there's any URL's specific to this or any specific formula or
> solution. I thought I saw something about this before on some sites, but
> searching using all the appropriate words and phrases are pulling up a
> lot of irrelevant sites. Thank you.

> > Hi,

> > A quick question... I am using Redhat Linux 7.x and 8.x. I need to know
> > how I can deny users on a server from binding to non-superuser ports
> > without interfering with legitimate operations/programs they might need
> > to use? Any solution for FreeBSD would be great as well.

> > I want to make it so a user can't create a script and use sockets to
> > bind to a 1024+ port and run IRC or some script to open a local SMTP
> > gateway or run some other chat service or something without my approval.
> > Is this simply done with firewalls or is there a specific configuration
> > or kernel option to make this impossible for users, without specifically
> > allowing them this access somehow?

> > This could prevent spending time looking out for this. Please let me
> > know if there's any URL's specific to this or any specific formula or
> > solution. I thought I saw something about this before on some sites, but
> > searching using all the appropriate words and phrases are pulling up a
> > lot of irrelevant sites. Thank you.

> You should have iptables compiled into the kernel since you're using RH
> 7/8.x. Type: "iptables -m owner --help" and look at --uid-owner,
> --gid-owner, etc. That should get you started with firewall rules and
> denying source/destination ports for specific users, or any user/group
> that's not specifically allowed with whatever port range you want. If
> you want someone else and this isn't the solution you were looking for,