Eclipse Community Forums - RDF feed
https://www.eclipse.org/forums/
Eclipse Community ForumsUsing privileged ports for RSE
https://www.eclipse.org/forums/index.php/mv/msg/11813/36693/#msg_36693
serverPortRange for RSE? We can use a privileged port for the daemon port
but when we tried using privileged ports for the serverPortRange, it looks
like it answers the connection request, but the connection fails.
We are attempting this in an effort to make the connections more secure so
if there is some limitation, we are interested in how we could remove the
limitation.
Thanks.]]>Denise Schmidt2009-07-01T11:47:50-00:00Re: Using privileged ports for RSE
https://www.eclipse.org/forums/index.php/mv/msg/11813/581650/#msg_581650
The RSE dstore server doesn't distinguish between privileged and
non-privileged ports so I'm not sure what's causing the connection to fail
in this case.
Dave
"Denise Schmidt" <denise.schmidt@lmco.com> wrote in message
news:54182907978dce56be59393be8a5b7bb$1@www.eclipse.org...
> Is there a limitation on using privileged ports (<1024) for the
> serverPortRange for RSE? We can use a privileged port for the daemon port
> but when we tried using privileged ports for the serverPortRange, it looks
> like it answers the connection request, but the connection fails.
>
> We are attempting this in an effort to make the connections more secure so
> if there is some limitation, we are interested in how we could remove the
> limitation.
>
> Thanks.
>]]>David McKnight2009-07-02T15:06:16-00:00Re: Using privileged ports for RSE
https://www.eclipse.org/forums/index.php/mv/msg/11813/36897/#msg_36897
The RSE dstore server doesn't distinguish between privileged and
non-privileged ports so I'm not sure what's causing the connection to fail
in this case.
Dave
"Denise Schmidt" <denise.schmidt@lmco.com> wrote in message
news:54182907978dce56be59393be8a5b7bb$1@www.eclipse.org...
> Is there a limitation on using privileged ports (<1024) for the
> serverPortRange for RSE? We can use a privileged port for the daemon port
> but when we tried using privileged ports for the serverPortRange, it looks
> like it answers the connection request, but the connection fails.
>
> We are attempting this in an effort to make the connections more secure so
> if there is some limitation, we are interested in how we could remove the
> limitation.
>
> Thanks.
>]]>David McKnight2009-07-02T15:06:16-00:00Re: Using privileged ports for RSE
https://www.eclipse.org/forums/index.php/mv/msg/11813/581662/#msg_581662
running as root. So I think it must be failing because the server process
is running as the client user ID (auth.pl does an "su" to the client user
ID to spawn the server). I assume that the server runs as the client user
ID for a reason (exporting the client environment, client permissions,
etc).
So my next question would be is there a way that the server could maybe
start executing as root to bind the socket and make the connection, then
switch to the client user ID to get the proper environment and do the
remaining "real" work? Could that work or would there still be problems
sending data over the port?]]>Denise Schmidt2009-07-02T16:04:10-00:00Re: Using privileged ports for RSE
https://www.eclipse.org/forums/index.php/mv/msg/11813/36930/#msg_36930
running as root. So I think it must be failing because the server process
is running as the client user ID (auth.pl does an "su" to the client user
ID to spawn the server). I assume that the server runs as the client user
ID for a reason (exporting the client environment, client permissions,
etc).
So my next question would be is there a way that the server could maybe
start executing as root to bind the socket and make the connection, then
switch to the client user ID to get the proper environment and do the
remaining "real" work? Could that work or would there still be problems
sending data over the port?]]>Denise Schmidt2009-07-02T16:04:10-00:00Re: Using privileged ports for RSE
https://www.eclipse.org/forums/index.php/mv/msg/11813/581678/#msg_581678
denise.schmidt@lmco.com> wrote in message
news:863819bfe4506ac862880afe40272127$1@www.eclipse.org...
> In order to bind a socket to a privileged port, the process must be
> running as root. So I think it must be failing because the server process
> is running as the client user ID (auth.pl does an "su" to the client user
> ID to spawn the server). I assume that the server runs as the client user
> ID for a reason (exporting the client environment, client permissions,
> etc).
That would explain it then. The daemon needs to be run as root but the
servers that gets started as run as the client user.
> So my next question would be is there a way that the server could maybe
> start executing as root to bind the socket and make the connection, then
> switch to the client user ID to get the proper environment and do the
> remaining "real" work? Could that work or would there still be problems
> sending data over the port?
>
At the moment there is no ability to for the server to start executing as
root and then switch to the client user.]]>David McKnight2009-07-02T18:23:17-00:00Re: Using privileged ports for RSE
https://www.eclipse.org/forums/index.php/mv/msg/11813/36964/#msg_36964
denise.schmidt@lmco.com> wrote in message
news:863819bfe4506ac862880afe40272127$1@www.eclipse.org...
> In order to bind a socket to a privileged port, the process must be
> running as root. So I think it must be failing because the server process
> is running as the client user ID (auth.pl does an "su" to the client user
> ID to spawn the server). I assume that the server runs as the client user
> ID for a reason (exporting the client environment, client permissions,
> etc).
That would explain it then. The daemon needs to be run as root but the
servers that gets started as run as the client user.
> So my next question would be is there a way that the server could maybe
> start executing as root to bind the socket and make the connection, then
> switch to the client user ID to get the proper environment and do the
> remaining "real" work? Could that work or would there still be problems
> sending data over the port?
>
At the moment there is no ability to for the server to start executing as
root and then switch to the client user.]]>David McKnight2009-07-02T18:23:17-00:00