NAME

       authbind - bind sockets to privileged ports without root

SYNOPSIS

       authbind [options] program [argument ...]

DESCRIPTION

       authbind  allows  a program which does not or should not run as root to
       bind to low-numbered ports in a controlled way.

       You must invoke the program using authbind.  authbind will set up  some
       environment  variables,  including  an LD_PRELOAD, which will allow the
       program (including any subprocesses it may run) to bind to low-numbered
       (<512) ports if the system is configured to allow this.

OPTIONS

       --deep Normally,  authbind  arranges  for  only  the  program  which it
              directly invokes to  be  affected  by  its  special  version  of
              bind(2).   If  you  specify  --deep then all programs which that
              program invokes directly or indirectly will be affected, so long
              as  they  do  not  unset  the  environment  variables  set up by
              authbind.

       --depth levels
              Causes authbind to affect programs which are levels deep in  the
              calling graph.  The default is --depth 1.

ACCESS CONTROL

       Access  to low numbered ports is controlled by permissions and contents
       of files in a configuration area, /etc/authbind.

       Firstly,  /etc/authbind/byport/port  is  tested.   If  this   file   is
       accessible  for  execution to the calling user, according to access(2),
       then binding to the port is authorised.  If the file can be seen not to
       exist  (the  existence check returns ENOENT) then further tests will be
       used to find authorisation; otherwise, binding is not  authorised,  and
       the bind call will return with the errno value from the access(2) call,
       usually EACCES (Permission denied).

       Secondly,   if   that   test   fails    to    resolve    the    matter,
       /etc/authbind/byaddr/addr:port  is tested, in the same manner as above.

       Thirdly, if the question is still unresolved, the file
       /etc/authbind/byuid/uid will be opened and read.  If the file does not
       exist then the binding is not authorised and bind will return EPERM
       (Operation not permitted, or Not owner).  If the file does exist it
       will be searched for a line of the form
            addr/length:min-port,max-port
       matching the request (i.e., the initial length bits of addr match those
       in the proposed bind call, and the proposed port number lies in the
       inclusive range specified).  If such a line is found then the binding
       is authorised.  Otherwise it is not, and bind will fail with ENOENT (No
       such file or directory).

       In each case above,

       port   is the (local) TCP or UDP port number, expressed as an  unsigned
              integer in the minimal non-zero number of digits, and

       addr   is the (local) IP address, as a dotted quad.

       If  a  read  error  occurs,  or  the  directory /etc/authbind cannot be
       accessed, then not only will bind fail, but an error  message  will  be
       printed to stderr.  Unrecognised lines in /etc/authbind/byuid/uid files
       are silently ignored (as are lines whose addr has  non-zero  bits  more
       than length from the top).
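       The three tests above, as an added emulation in Python (not part of authbind or its manual): authbind_decision applies the byport, byaddr and byuid rules to a configuration directory and returns the errno value the text says bind(2) would report, and demo builds a constructed sample tree standing in for /etc/authbind.  All function names are assumed; in the real tool the check is performed by the setuid-root helper against the real directory.

```python
import errno, os, re, tempfile

def _access_test(path):
    # access(2) as authbind uses it: 0 = authorised, None = ENOENT (next test)
    if os.access(path, os.X_OK):
        return 0
    try:
        os.stat(path)
    except OSError as e:
        return None if e.errno == errno.ENOENT else e.errno
    return errno.EACCES  # present but not executable by the calling user

_ip = lambda q: int.from_bytes(bytes(int(o) for o in q.split(".")), "big")  # dotted quad -> int

def _parse_rule(line):
    # 'addr/length:min-port,max-port'; anything else is silently ignored
    m = re.fullmatch(r"(\d+\.\d+\.\d+\.\d+)/(\d+):(\d+),(\d+)", line.strip())
    if not m or int(m[2]) > 32 or max(map(int, m[1].split("."))) > 255:
        return None
    return _ip(m[1]), int(m[2]), int(m[3]), int(m[4])

def authbind_decision(confdir, uid, addr, port):
    """0 if the bind is authorised, else the errno bind(2) would return."""
    for sub, name in (("byport", str(port)), ("byaddr", f"{addr}:{port}")):
        r = _access_test(os.path.join(confdir, sub, name))
        if r is not None:
            return r
    try:
        with open(os.path.join(confdir, "byuid", str(uid))) as f:
            rules = [_parse_rule(l) for l in f]
    except FileNotFoundError:
        return errno.EPERM
    for net, bits, lo, hi in filter(None, rules):
        mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
        # rules with non-zero bits below /length are ignored, like junk lines
        if not net & ~mask and (_ip(addr) & mask) == net and lo <= port <= hi:
            return 0
    return errno.ENOENT

def demo():
    with tempfile.TemporaryDirectory() as d:  # constructed stand-in for /etc/authbind
        for sub in ("byport", "byaddr", "byuid"):
            os.mkdir(os.path.join(d, sub))
        for port, mode in ((80, 0o500), (25, 0o000)):  # exec bit = authorised
            os.close(os.open(os.path.join(d, "byport", str(port)), os.O_CREAT, mode))
        with open(os.path.join(d, "byuid", "1000"), "w") as f:
            f.write("10.0.0.0/8:100,200\n192.168.1.5/24:443,443\njunk\n")
        return [authbind_decision(d, *c) for c in ((1000, "0.0.0.0", 80),
                (1000, "0.0.0.0", 25), (1000, "10.1.2.3", 150),
                (1000, "192.168.1.9", 443), (2000, "10.1.2.3", 150))]
```

       The five cases in demo come out as authorised, EACCES (file present but not executable), authorised via the byuid prefix rule, ENOENT (the 192.168.1.5/24 rule has host bits set and is ignored) and EPERM (no byuid file for that uid).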

MECHANISM

       The shared library loaded using LD_PRELOAD overrides the bind(2) system
       call.  When a program invoked via authbind calls bind to bind a socket
       to a low-numbered TCP/IP port, and if the program doesn’t already have
       an effective uid of 0, the version of bind supplied by authbind forks
       and executes a setuid-root helper program.  For non-TCP/IP sockets,
       high-numbered ports, or programs which are already root, authbind
       passes the call to the original bind(2) system call, which is found
       using dlsym(3) with the handle RTLD_NEXT.

ERROR HANDLING

       Usually the normal C error  handling  mechanisms  apply.   If  authbind
       cannot  find  the  program it has been asked to execute it will print a
       message to stderr and exit with code 255.

       The helper program usually reports back to the shared library  with  an
       exit  status  containing  an errno value which encodes whether the bind
       was permitted and successful.  This will be  returned  to  the  calling
       program in the usual way.

       In the case of apparent configuration or other serious errors the
       library and/or the helper program may cause messages to be printed to
       the program’s stderr, as well as returning -1 from bind.

BUGS

       authbind  currently  only  supports  IPv4 sockets.  Programs which open
       other kinds of sockets will not benefit from authbind, but it won’t get
       in their way.

       The  use  of  LD_PRELOAD  makes  an authbind installation specific to a
       particular C library.  This version is for GNU/Linux libc6 (glibc2).

       authbind may not operate correctly with multithreaded programs.  It  is
       inherently  very  difficult  (if not impossible) to perform the kind of
       trickery  that  authbind  does   while   preventing   all   undesirable
       interactions  between  authbind’s  activities  and  those  of  (say)  a
       threading runtime system.

       It is quite possible that authbind and other  programs  and  facilities
       which   use   LD_PRELOAD   may   interfere  with  each  other,  causing
       unpredictable  behaviour  or  even  core  dumps.   authbind  is   known
       sometimes  not  to  work  correctly  with  fakeroot,  for example (even
       supposing it  could  be  determined  what  ‘correctly’  means  in  this
       context).

       authbind is ineffective with setuid programs, because they do not
       honour LD_PRELOAD references outside the system directories, for
       security reasons.  (In fact, setuid programs should not honour
       LD_PRELOAD at all.)  Of course a setuid-root program does not need
       authbind, but it might be useful to apply it to programs which are
       setuid to another user or setgid.  If the author or builder of such a
       program wishes it to use authbind they could have it load the
       libauthbind library explicitly rather than via LD_PRELOAD.

       Some badly-written programs may have trouble because authbind spawns a
       child process ‘under their feet’, causing (for example) a fork(2) to
       happen and a SIGCHLD signal to be delivered.  Programs should not rely
       on standard libraries not doing these things.

       Ports from 512 to 1023 inclusive cannot be used with authbind because
       that would create a security hole, in conjunction with rshd.

       The access control configuration scheme is somewhat strange.

FILES AND ENVIRONMENT VARIABLES

       /usr/lib/authbind/libauthbind.so.1.0
              The shared library which authbind  causes  to  be  loaded  using
              LD_PRELOAD,  and  which  actually  implements  the  diversion of
              bind(2) to an external program.

       LD_PRELOAD
              The variable used by the dynamic linker when starting
              dynamically linked programs to decide which shared libraries
              to load; it is modified by the authbind program to allow it to
              override the usual meaning of bind(2).

       AUTHBIND_LIB
              If  set,  forces  authbind  to  use its value as the path to the
              shared library to put in LD_PRELOAD, instead of the  compiled-in
              value.   In any case, unless --deep was specified, authbind will
              set this variable to the name of the library actually  added  to
              LD_PRELOAD,  so  that  the library can find and remove the right
              entry.

       AUTHBIND_LEVELS
              This variable is set by authbind to the number  of  levels  left
              from the --depth or --deep option, minus one.  It is decremented
              during _init by the  library  on  each  program  call,  and  the
              library  will  remove itself from the LD_PRELOAD when it reaches
              zero.  The special value y means --deep was specified.

SEE ALSO

       bind(2), authbind-helper(8), dlsym(3), ld.so(8)

AUTHOR

       authbind and this manpage  were  written  by  Ian  Jackson.   They  are
       Copyright  (C)1998  by  him  and  released under the GNU General Public
       Licence; there is NO  WARRANTY.   See  /usr/doc/authbind/copyright  and
       /usr/doc/copyright/GPL for details.