Simple Privileged Port Binding on Solaris

Binding to a privileged port (1-1024) on UNIX and Linux operating systems typically requires root permissions. However, for security reasons, you want to avoid running daemons as root. This typically means UNIX daemons are coded to start as root to bind to a privileged port, then drop to a less privileged user to service requests by executing a setuid() function call.

If you're running vendor packaged software, such as Apache or an FTP server, you don't typically have to worry about this as the software supports this daemon trickery out of the box. On the other hand, if you're writing your own daemon in an interpreted language or Java and need to listen on a privileged port, you'll need a to implement code or use one of the many open source solutions provided by third parties for various languages to drop root. However, if you're running on Solaris or Open Solaris, there's an easier way. Simply grant binding to privileged ports to a non-root user. As root, issue the command:

usermod -K defaultpriv=basic,net_privaddr someuser

After executing the above as root, the user to which you granted this permission, someuser in the example, will be able to bind to privileged ports without needing to be initially executed as the root user.