On transport protocols such as TCP, UDP, and SCTP, ports 1-1023 are by default privileged ports. To bind to a privileged port, a process must be running with root permissions. Ports that are greater than 1023 are by default non-privileged. You can use the ipadm command to extend the range of privileged ports, or you can mark specific ports in the non-privileged range as privileged ports.
To manage the range of privileged ports, you can customize the following transport protocol properties:
smallest_nonpriv_port: Specifies a value that indicates the beginning of the range of non-privileged port numbers, which are the ports to which regular users can bind. You can set individual ports within the non-privileged range as privileged ports. Use the ipadm show-prop command to display the property's values.
extra_priv_ports: Specifies which ports outside of the privileged range are also privileged. Use the ipadm set-prop command to specify ports that you want to restrict. You can assign multiple values to this property.
As an example, suppose you want to set TCP ports 3001 and 3050 as privileged ports, with access restricted to just the root role. The smallest_nonpriv_port property indicates that 1024 is the lowest port number for a non-privileged port. Therefore, you can change the designated ports 3001 and 3050 to privileged ports as follows:
    # ipadm show-prop -p smallest_nonpriv_port tcp
    PROTO PROPERTY              PERM CURRENT    PERSISTENT DEFAULT    POSSIBLE
    tcp   smallest_nonpriv_port rw   1024       --         1024       1024-32768
    # ipadm show-prop -p extra_priv_ports tcp
    PROTO PROPERTY              PERM CURRENT    PERSISTENT DEFAULT    POSSIBLE
    tcp   extra_priv_ports      rw   2049,4045  --         2049,4045  1-65535
    # ipadm set-prop -p extra_priv_ports+=3001 tcp
    # ipadm set-prop -p extra_priv_ports+=3050 tcp
    # ipadm show-prop -p extra_priv_ports tcp
    PROTO PROPERTY              PERM CURRENT    PERSISTENT DEFAULT    POSSIBLE
    tcp   extra_priv_ports      rw   2049,4045  3001,3050  2049,4045  1-65535
                                     3001,3050
You would remove a privileged port, for example 4045, as follows:
    # ipadm set-prop -p extra_priv_ports-=4045 tcp
    # ipadm show-prop -p extra_priv_ports tcp
    PROTO PROPERTY              PERM CURRENT    PERSISTENT DEFAULT    POSSIBLE
    tcp   extra_priv_ports      rw   2049,3001  3001,3050  2049,4045  1-65535
                                     3050
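The following is an added example, not part of the original documentation: a shell check that applies the two properties together to tell which of the ports you care about a non-root process can still bind. The function names is_privileged and unprotected_ports are hypothetical, and the sample values are constructed from the CURRENT column shown above.

```sh
#!/bin/sh
# Added example (not Oracle's code). Function names are hypothetical.
# On a live system the two inputs come from the CURRENT column of
#   ipadm show-prop -p smallest_nonpriv_port tcp
#   ipadm show-prop -p extra_priv_ports tcp
# The values used at the bottom are constructed from the page's example.

# is_privileged PORT SMALLEST_NONPRIV EXTRA_CSV
# returns 0 = privileged, 1 = any user may bind, 2 = not a valid port number
is_privileged() {
    _port=$1 _smallest=$2 _extra=$3
    case $_port in ''|*[!0-9]*) return 2 ;; esac
    [ "$_port" -ge 1 ] && [ "$_port" -le 65535 ] || return 2
    # Rule 1: everything below smallest_nonpriv_port is privileged.
    [ "$_port" -lt "$_smallest" ] && return 0
    # Rule 2: exact match against extra_priv_ports; the surrounding commas
    # stop 300 from matching 3001.
    case ",$_extra," in *",$_port,"*) return 0 ;; esac
    return 1
}

# unprotected_ports SMALLEST_NONPRIV EXTRA_CSV PORT...
# prints, space separated, the listed ports that a non-root process can bind
unprotected_ports() {
    _s=$1 _e=$2; shift 2
    _out=
    for _p in "$@"; do
        _rc=0
        is_privileged "$_p" "$_s" "$_e" || _rc=$?
        if [ "$_rc" -eq 1 ]; then _out="${_out:+$_out }$_p"; fi
    done
    printf '%s\n' "$_out"
}

# State after adding 3001 and 3050: only 8080 is left open to regular users.
unprotected_ports 1024 "2049,4045,3001,3050" 22 2049 3001 3050 8080
# State after removing 4045: that port is bindable by regular users again.
unprotected_ports 1024 "2049,3001,3050" 3001 4045 8080
```

Running the check after every set-prop change shows at once when removing an entry, such as 4045 above, reopens a port to regular users.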