
Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle® Solaris 11.3


Updated: March 2019
 
 

Setting Up a Privileged Port

On transport protocols such as TCP, UDP, and SCTP, ports 1-1023 are by default privileged ports. To bind to a privileged port, a process must be running with root permissions. Ports that are greater than 1023 are by default non-privileged. You can use the ipadm command to extend the range of privileged ports, or you can mark specific ports in the non-privileged range as privileged ports.

To manage the range of privileged ports, you can customize the following transport protocol properties:

smallest_nonpriv_port

Specifies a value that indicates the beginning of the range of non-privileged port numbers, which are the ports to which regular users can bind. You can set individual ports within the non-privileged range as privileged ports. Use the ipadm show-prop command to display the property's values.

extra_priv_ports

Specifies which ports outside of the privileged range are also privileged. Use the ipadm set-prop command to specify ports that you want to restrict. You can assign multiple values to this property.

As an example, suppose you want to set TCP ports 3001 and 3050 as privileged ports, with access restricted to just the root role. The smallest_nonpriv_port property indicates that 1024 is the lowest port number for a non-privileged port. Therefore, you can change the designated ports 3001 and 3050 to privileged ports as follows:

# ipadm show-prop -p smallest_nonpriv_port tcp
PROTO PROPERTY                PERM   CURRENT   PERSISTENT   DEFAULT   POSSIBLE
tcp   smallest_nonpriv_port   rw     1024      --           1024      1024-32768

# ipadm show-prop -p extra_priv_ports tcp
PROTO   PROPERTY           PERM   CURRENT     PERSISTENT   DEFAULT     POSSIBLE
tcp     extra_priv_ports   rw     2049,4045   --           2049,4045   1-65535

# ipadm set-prop -p extra_priv_ports+=3001 tcp
# ipadm set-prop -p extra_priv_ports+=3050 tcp
# ipadm show-prop -p extra_priv_ports tcp
PROTO   PROPERTY           PERM   CURRENT     PERSISTENT   DEFAULT     POSSIBLE
tcp     extra_priv_ports   rw     2049,4045   3001,3050    2049,4045   1-65535
                                  3001,3050

You would remove a privileged port, for example 4045, as follows:

# ipadm set-prop -p extra_priv_ports-=4045 tcp
# ipadm show-prop -p extra_priv_ports tcp
PROTO   PROPERTY           PERM   CURRENT     PERSISTENT   DEFAULT     POSSIBLE
tcp     extra_priv_ports   rw     2049,3001   3001,3050    2049,4045   1-65535
                                  3050
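The following audit sketch is an added example, not part of the Oracle documentation. It parses the ipadm show-prop output shown above, including a CURRENT value that wraps onto a second line, and reports which ports regular users can still bind. The function names and port 8080 are hypothetical, and the sample text is copied from this page so the script runs offline.

```sh
#!/bin/sh
# Added example: check that ports are privileged, from `ipadm show-prop` text.
# Sample output copied from this page (stands in for a live system).
SAMPLE_SMALLEST='PROTO PROPERTY                PERM   CURRENT   PERSISTENT   DEFAULT   POSSIBLE
tcp   smallest_nonpriv_port   rw     1024      --           1024      1024-32768'
SAMPLE_EXTRA='PROTO   PROPERTY           PERM   CURRENT     PERSISTENT   DEFAULT     POSSIBLE
tcp     extra_priv_ports   rw     2049,4045   3001,3050    2049,4045   1-65535
                                  3001,3050'

# current_value: print the CURRENT column of show-prop text read on stdin.
# Assumption: a single-field continuation line belongs to the CURRENT
# column, as in the wrapped output shown on this page.
current_value() {
    awk 'NR == 1 { next }                           # skip the header row
         NF >= 7 { val = $4; next }                 # the property row
         NF == 1 && val != "" { val = val "," $1 }  # wrapped continuation
         END { print val }'
}

# is_privileged PORT SMALLEST EXTRA: succeed if binding PORT needs privilege,
# i.e. it is below smallest_nonpriv_port or listed in extra_priv_ports.
is_privileged() {
    port=$1 smallest=$2 extra=$3
    [ "$port" -lt "$smallest" ] && return 0
    case ",$extra," in
        *",$port,"*) return 0 ;;   # exact match, so 3001 does not match 30010
    esac
    return 1
}

# unprotected_ports SMALLEST EXTRA PORT...: print the ports from the list
# that a regular user could still bind.
unprotected_ports() {
    smallest=$1 extra=$2; shift 2
    out=""
    for p in "$@"; do
        is_privileged "$p" "$smallest" "$extra" || out="${out:+$out }$p"
    done
    echo "$out"
}

# On a live system, replace the samples with, for example:
#   ipadm show-prop -p extra_priv_ports tcp | current_value
smallest=$(printf '%s\n' "$SAMPLE_SMALLEST" | current_value)
extra=$(printf '%s\n' "$SAMPLE_EXTRA" | current_value)
echo "smallest_nonpriv_port=$smallest extra_priv_ports=$extra"
echo "bindable by regular users: $(unprotected_ports "$smallest" "$extra" 3001 3050 8080)"
```

Run against the sample, the check flags only the hypothetical port 8080, because 3001 and 3050 appear in the wrapped CURRENT value.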