Non-root access of ports / services

Our application needs to grab a "reserved" port (/etc/services port number under 1000) as "nobody" as it is spawned from a web application. Is there some way in Solaris to allow this? Specifically, our application fires up its own snmp service, but needs to use 161/162 and start it from the application, not from a root session.
Thanks for any help.
DaveS @apengines


Similar Messages

  • Issue: non-root access to Java Desktop System

    Hello,
    Rookie here. I have been using Solaris 10 with no problem and accessing the GUI through the Java Desktop System with no problem. I created a new non-root user 'user1' on the system with all default parameters assigned to the user when doing 'useradd user1'. These default parameters assume a default home directory is assigned to the user, correct? I am able to access the system with 'user1' via console and remote, but I cannot access the GUI through the Java Desktop System with this user. It accepts my credentials, then it flashes a couple of times and sends me back to the welcome log-in screen.
    Are there additional permissions that I need to grant this user to access the GUI via JDS? I'm able to do everything else as normal. Any help is appreciated.

    "doing 'useradd user1'. these default parameters assume a default home directory is assigned to the user, correct? i am"
    Incorrect. man useradd, paying attention to -d and -m. Solaris defaults to /export/home and will usually throw an error if you try to use /home as it's controlled by the automounter.
    If it's just a test user account then userdel followed by useradd again.
    alan

  • Non-root access to JDS

    Hello,
    Rookie here. I have been using Solaris 10 with no problem and accessing the GUI through the Java Desktop System with no problem. I created a new non-root user 'user1' on the system with all default parameters assigned to the user when doing 'useradd user1'. These default parameters assume a default home directory is assigned to the user, correct? I am able to access the system with 'user1' via console and remote, but I cannot access the GUI through the Java Desktop System with this user. It accepts my credentials, then it flashes a couple of times and sends me back to the welcome log-in screen.
    Are there additional permissions that I need to grant this user to access the GUI via JDS? I'm able to do everything else as normal. Any help is appreciated.

    Unless you specify the '-m' flag to 'useradd', the new user's home directory will not be created.
    You will have to create the directory manually. First determine the setting of the home directory with, for example, finger, aka:
    finger user1
    Then create the directory with
    mkdir <directory>
    and then change the ownership of it:
    chown user1 <directory>
    HTH
    .7/M.

  • Allowing non-root access to view disk quotas

    Hi, we have a need to allow a non-root user (as in the Help Desk) to look at users' quotas on various filesystems. I have tried running the quota command as an argument to ppriv, but rather than telling me what privileges are needed, I just get this:
    ppriv -De quota -v youngbp
    quota: youngbp (uid 200): permission denied
    Is there a way in Solaris 10 to allow a non-root user to do this?
    Also, does anyone have any experience using the perl Quota module as a non-root user to examine a user's quota? Thanks...
    Jim McCullars
    University of Alabama in Huntsville

    You may also try RBAC
    http://www.sun.com/blueprints/0603/817-3062.pdf
    http://docs.sun.com/app/docs/doc/819-3321/6n5i4b7ao?l=en&a=view&q=RBAC
    http://docs.sun.com/app/docs/doc/806-4078/6jd6cjs4o?a=view
    Edited by: Noel.del@Rosario on Feb 19, 2008 4:07 AM
    Edited by: Noel.del@Rosario on Feb 19, 2008 4:13 AM
    Edited by: Noel.del@Rosario on Feb 19, 2008 4:40 AM

  • [SOLVED] How to set non-root access to serial ports?

    I have this device which is listed as
    /dev/ttyUSB0
    I need to
    sudo chown sms /dev/ttyUSB0
    every time I reboot. Normally I would think to add myself to some group but "tty" group is not doing the trick... proof:
    [sms@sms-linux ~]$ groups sms
    tty wheel sms
    [sms@sms-linux ~]$ MinOZW
    Starting MinOZW with OpenZWave Version 1.0.758
    2014-03-15 06:32:07.921 Cannot find a path to the configuration files at ../../../config/, Using /usr/local/etc/openzwave/ instead...
    2014-03-15 06:32:07.928 mgr, Added driver for controller /dev/ttyUSB0
    2014-03-15 06:32:07.929 Opening controller /dev/ttyUSB0
    2014-03-15 06:32:07.931 Trying to open serial port /dev/ttyUSB0 (attempt 1)
    2014-03-15 06:32:07.933 ERROR: Cannot open serial port /dev/ttyUSB0. Error code 13
    2014-03-15 06:32:07.935 ERROR: Failed to open serial port /dev/ttyUSB0
    2014-03-15 06:32:07.936 WARNING: Failed to init the controller (attempt 0)
    ^C
    [sms@sms-linux ~]$ sudo MinOZW
    [sudo] password for root:
    Starting MinOZW with OpenZWave Version 1.0.758
    2014-03-15 06:32:23.776 Cannot find a path to the configuration files at ../../../config/, Using /usr/local/etc/openzwave/ instead...
    2014-03-15 06:32:23.782 mgr, Added driver for controller /dev/ttyUSB0
    2014-03-15 06:32:23.784 Opening controller /dev/ttyUSB0
    2014-03-15 06:32:23.786 Trying to open serial port /dev/ttyUSB0 (attempt 1)
    2014-03-15 06:32:23.794 Serial port /dev/ttyUSB0 opened (attempt 1)
    Edit: yes, it was after logout and even reboot.
    Last edited by smsware (2014-03-15 15:07:15)

    Hi,
    I also have a similar problem. I added myself to uucp group, but I still cannot access the serial port.
    [manjaro@mycomp work]$ sudo gpasswd -a manjaro uucp
    [sudo] password for manjaro:
    Adding user manjaro to group uucp
    [manjaro@mycomp work]$ groups manjaro
    lp wheel uucp network video audio storage users
    [manjaro@mycomp work]$ ls -l /dev/ttyUSB0
    crw-rw---- 1 root uucp 188, 0 23.06.2014 21:32 /dev/ttyUSB0
    [manjaro@mycomp work]$ lpc21isp firmware.hex /dev/ttyUSB0 19200 11059
    lpc21isp version 1.97
    File firmware.hex:
    loaded...
    Start Address = 0x00004F9C
    converted to binary format...
    image size : 30304
    Image size : 30304
    Can't open COM-Port /dev/ttyUSB0 ! (Error: 13d (0xD))
    But when I try as root, it works:
    [manjaro@mycomp work]$ sudo lpc21isp firmware.hex /dev/ttyUSB0 19200 11059
    [sudo] password for manjaro:
    lpc21isp version 1.97
    File firmware.hex:
    loaded...
    Start Address = 0x00004F9C
    converted to binary format...
    image size : 30304
    Image size : 30304
    Synchronizing (ESC to abort)..... OK
    Read bootcode version: 13
    Download Finished... taking 27 seconds
    Now launching the brand new code
    Do you have any idea what I am doing wrong?
    Last edited by manjaro (2014-06-23 19:57:40)
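
A check worth running on the case above: `groups <user>` reads the group database, while open() is tested against the groups the current login session was started with, so the two can disagree until the next login. The following is an added example, not code from the thread; the function names and the numeric ids are constructed, and only classic mode bits are modelled (no ACLs).

```python
import os
import pwd
import stat

READ_WRITE = {
    "owner": stat.S_IRUSR | stat.S_IWUSR,
    "group": stat.S_IRGRP | stat.S_IWGRP,
    "other": stat.S_IROTH | stat.S_IWOTH,
}


def may_open_rw(mode, owner_uid, owner_gid, uid, gids):
    """Classic Unix mode-bit check for open(O_RDWR) on a node."""
    if uid == 0:
        return True                      # root bypasses the mode bits
    if uid == owner_uid:
        need = READ_WRITE["owner"]       # exactly one class applies, in this order
    elif owner_gid in gids:
        need = READ_WRITE["group"]
    else:
        need = READ_WRITE["other"]
    return (mode & need) == need


def diagnose(mode, owner_uid, owner_gid, uid, session_gids, database_gids):
    """Classify an errno 13 (EACCES) on a device node.

    session_gids:  groups the running process actually carries
    database_gids: groups the account has in the group database
    """
    if may_open_rw(mode, owner_uid, owner_gid, uid, session_gids):
        return "ok"
    if may_open_rw(mode, owner_uid, owner_gid, uid, database_gids):
        return "stale-session"           # membership exists, session predates it
    return "no-permission"               # mode bits deny access either way


def diagnose_path(path):
    """Run the same check for the current process against a real node."""
    st = os.stat(path)
    user = pwd.getpwuid(os.getuid())
    session = set(os.getgroups()) | {os.getegid()}
    database = set(os.getgrouplist(user.pw_name, user.pw_gid))
    return diagnose(st.st_mode, st.st_uid, st.st_gid,
                    os.geteuid(), session, database)


if __name__ == "__main__":
    # Constructed values modelled on the listing in the post:
    # "crw-rw---- 1 root uucp ... /dev/ttyUSB0". The numeric ids are made up.
    MODE = stat.S_IFCHR | 0o660
    ROOT, UUCP, USER, USERS = 0, 14, 1000, 100
    print(diagnose(MODE, ROOT, UUCP, USER, {USERS}, {USERS, UUCP}))
    print(diagnose(MODE, ROOT, UUCP, USER, {USERS, UUCP}, {USERS, UUCP}))
    print(diagnose(MODE, ROOT, UUCP, USER, {USERS}, {USERS}))
```

A "stale-session" result is cleared by starting a new login session; "no-permission" means the device's group or mode has to change, which is where a persistent ownership rule belongs rather than a chown after every reboot.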

  • How to make non-root user to connect to TCP Port (web ports)

    How to make a non-root user (any user)
    connect to TCP port 80 or port 81 or any port less than 1024,
    because I have a web server and I want to run and stop the service with a non-root user on port 80 and port 81.
    Can you help me and give me the steps?

    I believe Solaris 9 also has RBAC control. If so then all you need to do is present the uid with the PRIV_NET_PRIVADDR privilege. See the privileges(5) manpage for more information on the subject.
    This privilege will allow the userid to bind to ports < 1024. You can give a user this privilege either by using usermod (you will probably need the auth_attr(4) manpage as well), after which you need to log in again, or you can try using ppriv to modify the privileges on the user's shell.

  • Running as non-root user

    How do I run the application server instance as non-root user on port <= 1024?
    I am using Sun One Application Server 7.0
    Thanks in advance
    Sri.

    Two options:
    1) Start an instance using the root user, but configure the instance to switch to a non-root user upon startup. Use the "User" directive in the init.conf file of an instance to specify the user
    http://docs.sun.com/source/816-7155-10/crinit.html#17116
    You should also see the "Run As" setting of an instance in the administrative GUI.
    2) Via the ndd command, you can set the smallest non-privileged port number. See ndd documentation concerning the following setting:
    tcp_smallest_nonpriv_port
    Once you make the ndd setting, you can use a non-root user to listen on a port number that is equal to or greater than the value of the tcp_smallest_nonpriv_port setting.
    Chris
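
The first option above (bind while still root, then switch to an unprivileged account) looks like this at the system-call level. This is an added example, not part of the original thread or the application server's code; `bind_then_drop`, `drop_privileges` and `_attempt` are hypothetical names, and the `nobody` account and the loopback address are assumptions.

```python
import json
import os
import pwd
import socket


def drop_privileges(user):
    """Permanently become `user`. Order matters: groups, then gid, then uid."""
    pw = pwd.getpwnam(user)
    os.setgroups([])        # shed root's supplementary groups first
    os.setgid(pw.pw_gid)    # must precede setuid(); afterwards it is refused
    os.setuid(pw.pw_uid)    # as root this sets real, effective and saved uid


def _attempt(port, user, host):
    """Bind, drop, then probe whether root can be regained."""
    report = {"started_as_root": os.geteuid() == 0, "error": None}
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.bind((host, port))          # the only step that needs privilege;
        sock.listen(1)                   # a non-root caller gets errno 13 here
        if report["started_as_root"]:
            drop_privileges(user)
        try:
            os.setuid(0)                 # must fail once privileges are gone
            report["can_regain_root"] = True
        except PermissionError:
            report["can_regain_root"] = False
        report["uid"] = os.geteuid()
        report["port"] = sock.getsockname()[1]   # socket survives the drop
    except (OSError, KeyError) as exc:
        report["error"] = f"{type(exc).__name__}: {exc}"
    return report


def bind_then_drop(port, user, host="127.0.0.1"):
    """Run the sequence in a forked child so the caller keeps its identity."""
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:                         # child: the would-be server process
        os.close(rfd)
        try:
            os.write(wfd, json.dumps(_attempt(port, user, host)).encode())
        finally:
            os._exit(0)
    os.close(wfd)
    with os.fdopen(rfd) as pipe:
        report = json.loads(pipe.read())
    os.waitpid(pid, 0)
    return report


if __name__ == "__main__":
    # Started as root: port 443 is bound and the process ends up as "nobody".
    # Started as a normal user: the bind itself is refused.
    print(bind_then_drop(443, "nobody"))
```

The property to verify in any server that uses this pattern is the one the report records: after the switch, an attempt to return to uid 0 must fail.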

  • Setting privileges to a non-root user account to access ports

    Hello ,
    I am trying to do an ICMP ping to a machine in the network from an application by connecting to the ICMP port through a raw socket.
    My question is: I am able to connect to the ICMP port using a raw socket only in the root user account. But my application should run under a non-root user account and do the ping for me.
    1) How do I set privileges for a particular user to access the ICMP port?
    I am running the application on Solaris 9.
    2) I read a paper on the net saying ports from 0 to 1024 can only be accessed by a root user account.
    Why is this, and what can be done for a non-root user account to access these ports?
    3) Is this possible in Solaris 9?
    Thanks in Advance,
    cheers,
    pal

    There is only one solution: create a new Standard user account and set it as your auto login account, if you use that feature.
    Using what you describe is mostly a false sense of security. Were someone to hack into the computer they could hack into the standard account, so you would not wish to keep any sensitive data in that account. Other things to consider:
    Turn on your Firewall in Security & Privacy preference panel.
    Use software to mask your online presence such as ProxyCap 2.03, MacProxy, Proxifier, or Hotspot Shield.

  • Accessing external web service with non-constant URL

    Hello, all
    I am looking in the documentation on accessing external web services, but either I am looking in the wrong place, or the documentation is lacking info.
    My clients have several web services in the local network (regular services, not DB-based); they have the same interface, but different URLs.
    Versions of the DB are 11, 12, and 16.
    First of all, I do not see in the specs an option for a non-hardcoded URL. The logic says that this has to be possible, but I cannot find it.
    Second, I need to see an example of accessing an XML or JSON-based service; I cannot find it in the specs either.
    Can anyone point me to a document with examples?
    Thank you
    Arcady

    The following will call a web service with whatever URL you pass in as the argument "myurl".  I think that is what you are looking for.
    CREATE PROCEDURE cli_test2( myurl LONG VARCHAR )
    RESULT( httpheaders long varchar, httpvalues long varchar )
    URL '!myurl';
    To deal with the resulting data in XML, use the OPENXML() function.
    eg. To turn an XML list of employees that looks like this:
    <root>
    <row EmployeeID="102" Surname="Whitney" GivenName="Fran" StartDate="1984-08-28"/>
    </root>
    into a table of results, you would do this (where xmlgetemplist() is the web service call):
    CREATE OR REPLACE PROCEDURE xmlgetemplist() RESULT( httpheader long varchar, httpbody long varchar)
    URL 'http://localhost/demo/xmlEmployeeList'
    TYPE 'HTTP:GET';
    create variable res long varchar;
    -- call the web service
    select httpbody into res from xmlgetemplist() where httpheader = 'Body';
    -- extract the XML elements into a SQL result set
    select * from openXML( res, '/root/row' ) WITH ( EmployeeID INT '@EmployeeID',
           GivenName    CHAR(20) '@GivenName',
           Surname      CHAR(20) '@Surname',
           PhoneNumber  CHAR(10) '@Phone');
    To deal with the resulting data in JSON, use the sp_parse_json() procedure.
    eg.
    To turn a JSON formatted list of employees that looks like this:
    [
      {
        "EmployeeID": 102,
        "Surname": "Whitney",
        "GivenName": "Fran",
        "StartDate": "1984-08-28",
        "TerminationDate": null
      }
    ]
    into a table of results, you would do this (where jsongetemplist() is the web service call):
    CREATE OR REPLACE PROCEDURE jsongetemplist() RESULT( httpheader long varchar, httpbody long varchar)
    URL 'http://localhost/demo/jsonEmployeeList'
    TYPE 'HTTP:GET';
    create variable foo long varchar;
    --call the webservice
    select httpbody into foo from jsongetemplist() where httpheader = 'Body';
    --turn the json result into a structured array of data
    -- this step is required because of less structured nature of JSON
    call sp_parse_json( 'output_array', foo);
    --extract the JSON elements from the output array into a SQL result set
    SELECT  output_array[[row_num]].EmployeeID as EmployeeID,
                   output_array[[row_num]].SurName as SurName,
                   output_array[[row_num]].GivenName as GivenName,
                   output_array[[row_num]].StartDate as StartDate,
                   output_array[[row_num]].TerminationDate as EndDate
    FROM sa_rowgenerator(1, CARDINALITY(output_array));
    Hope this helps,
    --Jason

  • Non-root user can't start Apache on port 443

    Today I've been attempting to get SSL working for my Oracle Applications 11i (11.5.10.2) installation and I just hit a small problem. I've followed all of the Oracle literature I've come across, which instructed me to create a new (non-root) user to own the database tier and the applications tier. I've also followed the instructions for configuring SSL ([Doc 123718.1|https://metalink2.oracle.com/metalink/plsql/f?p=130:14:6976756808231635106::::p14_database_id,p14_docid,p14_show_header,p14_show_help,p14_black_frame,p14_font:NOT,123718.1,1,1,1,helvetica]) and the SSL wizard in OAM defaults to the standard HTTPS port (443). However, because 443 is a privileged port, a non-root user cannot bind to it. In other words, the Oracle literature itself has led me to an impossible situation. This is what I see in the Apache error log:
    [Fri May 15 15:05:03 2009] [crit] (13)Permission denied: make_sock: could not bind to port 443
    At this point, I see two choices:
    1. Run the application tier services as root.
    2. Change the SSL port to something greater than 1024 (i.e. 4443).
    I'm leaning towards option #2, since option #1 negates the advantage of using a non-root user to begin with. Does anyone have any other suggestions? Does Oracle have any recommendations for this scenario?

    Hi,
    You just need to start Apache as root (not all the application services). For Option 1, the application tier files should be owned by applmgr/oracle user (not root), and for Option 2, you do not need to change the port (though it is valid option). Just follow the steps in the following document.
    Note: 356080.1 - How to run Apache on Port 80 in Apps 11i
    https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=356080.1
    BTW, this is mentioned in the document "if you have chosen port 443 (or any port under 1024) for your SSL port, you will have to start Apache as root".
    Regards,
    Hussein

  • Running VMware Server 2 services as a non-root user

    Hello,
    I have switched from VirtualBox to VMware Server 2 on my Arch64 server and the transition has been relatively painless. I am at the point now where I want to run VMware's services as a non-root user account (I have a service account called "svc-vmadmin" that I'd like to use). I'm generally not comfortable running services as root, but at the same time I'm conscious of the time and effort required vs. overall benefits.
    I've done the usual Google searches and even checked the VMware Server 2 user guide and the VMware community, but I can't find specific details on how to achieve this.
    Is this even plausible in a Linux environment? I used to run VMware Server 1 under the SYSTEM account on Windows Server, so I'm hoping a similar thing can be done on Arch.
    I would greatly appreciate any information or personal experience that fellow Archers can share.
    Thanks,
    Thom

    System services are handled by launchd.
    If you look in /System/Library/LaunchDaemons/ you'll see a plist file for each service including org.isc.named.plist, the plist for named.
    If you edit this file you'll see it's an XML document that describes the service and how the OS should handle it, including the part:
    <key>ProgramArguments</key>
    <array>
    <string>/usr/sbin/named</string>
    <string>-f</string>
    </array>
    Just append another entry in the array that says <string>-u nobody</string> (or whatever username you want to run as).

  • [Solved] Non-root user cannot access mounted ntfs filesystem

    Hi -,
    I have a dual-boot system (arch/xfce + win7) and I use an ntfs partition /dev/sda2 to store files I use with both operating systems. I added the partition to fstab and it gets mounted, but I cannot access it with my non-root user. With root it works fine...
    My fstab:
    # cat /etc/fstab
    # /etc/fstab: static file system information
    # <file system> <dir> <type> <options> <dump> <pass>
    tmpfs /tmp tmpfs nodev,nosuid 0 0
    LABEL=home /home ext4 defaults 0 1
    LABEL=root / ext4 defaults 0 1
    LABEL=swap swap swap defaults 0 0
    /dev/sda2 /media/sda2 ntfs defaults 0 2
    Is there any option that allows all users to use the mounted device? Or how is this usually done ...
    Last edited by muzzel (2012-05-30 20:39:58)

    See: NTFS-3G for important setup information.
    My fstab line looks like:
    /dev/sdb1 /media/Win_USB ntfs-3g uid=1000,gid=users,fmask=113,dmask=0022 0 0
    This sets up some important parameters which the NTFS-3G Wiki Page covers.  Basically, "ntfs" is only a basic driver and is built into the kernel.  "ntfs-3g" is a much better, and less disk-eating, driver that you should install and use if you need the drive in Linux any more than occasionally.  My fstab line makes my user (1000) the owner and the masks lets me write and etc to it.  When you install NTFS-3G it is automatically used when you use the mount command to mount NTFS drives.  In fstab, as above, you would specify it explicitly.
    You can find your own user number by entering "id" at a terminal.

  • Add root user to access all server services?

    Hi,
    How do I add a root user in Snow Leopard Server to access all its services? I have an admin account from which I can access all services, but I am looking for a root user to access all server services.
    Whenever I'm trying to ssh using root it gives an error.
    Please find the error output below.
    arth:~ gulab$ ssh [email protected]
    Password:
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
    Thanks,
    Gulab Pasha

    The root account is, and should be, disabled. There is no need to log in as root.
    If you require root-level privileges for any task, use sudo once you've logged in using your admin account. If you need a root shell, then:
    sudo -s
    is your friend.
    There used to be a way to enable the root account under earlier OS versions. There may still be a way to do it in 10.6 but I've never bothered looking since it's not needed.

  • [SOLVED] Launching systemd service as non-root user

    I need to launch a systemd service as a non-root user. I've looked at this but I'm fairly confused. I don't have xorg or any desktop environment installed (this is a remote server I SSH into) but when I run
    systemctl --user status
    I get
    Failed to get D-Bus connection: Unable to autolaunch a dbus-daemon without a $DISPLAY for X11
    What am I doing wrong?
    Last edited by gsingh93 (2013-12-01 07:29:29)

    I was going in the wrong direction. All I had to do was add 'User=username' and 'Group=groupname' in the [Service] section.

  • Can Cisco MSE (mobility service engine) be configured to work with non-Cisco access points?

    I understand that access points can be configured to forward all the probe requests to the Cisco wifi controller. Cisco MSE (mobility service engine) gets the probes from the wifi controller to find the location of the mobile devices.
    My question: can Cisco MSE (mobility service engine) be configured to work with non-Cisco access points?

    No and the reason why is the NMSP communication from the MSE to the WLC. Other vendors don't support this so there is no communication happening.
    -Scott
