How to run GitBridge on a privileged port as a non-root Linux user

Article ID: 197286

Products

CA Endevor Software Change Manager (SCM)

Issue/Introduction

TCP/IP port numbers below 1024 are privileged: normal users are not allowed to run applications on them.

Root can start the Endevor Bridge for Git application on a privileged port such as 443.

Can a non-root user start the GitBridge application on port 443?

 

Environment

Release : 18.0

Component : CA Endevor Software Change Manager

Bridge4Git

Resolution

One option is to use the open source software called AUTHBIND.

Install AUTHBIND:

Find a compatible AUTHBIND rpm from the GitHub project (this example rpm is compatible with Linux 7):

wget https://s3.amazonaws.com/aaronsilber/public/authbind-2.1.1-0.1.x86_64.rpm
rpm -Uvh authbind-2.1.1-0.1.x86_64.rpm

Once AUTHBIND is installed, run the following commands as root (in this example, testuser is the non-root user ID):

touch /etc/authbind/byport/443
chmod 500 /etc/authbind/byport/443
chown testuser /etc/authbind/byport/443

Then switch to the non-root user and use the following command to start the GitBridge application:

authbind --deep java -jar BridgeForGit-2.4.2.jar                  
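
The owner and mode of the byport file decide who may bind the port: authbind authorises the bind when the calling user has execute access to /etc/authbind/byport/<port>. The shell function below is an added example, not part of the original article or of authbind itself; it audits a byport directory so that only the intended account can bind. The name audit_byport and its arguments are assumptions, and the user may be given as a name or a numeric UID.

```shell
# audit_byport DIR USER
#   DIR  - authbind byport directory, e.g. /etc/authbind/byport
#   USER - the only account expected to bind (name or numeric UID)
# Prints one line per finding and returns 0 only if every entry is
# executable by its owner, owned by USER, and closed to group/other.
audit_byport() {
    local dir="$1" user="$2" rc=0 f port owner uid mode m bad
    for f in "$dir"/*; do
        [ -f "$f" ] || continue          # skip an empty directory or non-files
        port="${f##*/}"
        owner=$(stat -c '%U' "$f")       # owner name (GNU stat)
        uid=$(stat -c '%u' "$f")         # owner numeric UID
        mode=$(stat -c '%a' "$f")        # octal permission bits, e.g. 500
        m=$((0$mode))                    # leading 0 makes the shell read it as octal
        bad=0
        if [ "$owner" != "$user" ] && [ "$uid" != "$user" ]; then
            echo "FAIL $port: owned by $owner (uid $uid), expected $user"
            bad=1
        fi
        if [ $(( m & 0011 )) -ne 0 ]; then
            # group or other execute bit: accounts besides the owner may bind
            echo "FAIL $port: mode $mode lets group/other accounts bind"
            bad=1
        fi
        if [ $(( m & 0100 )) -eq 0 ]; then
            # without owner execute, authbind refuses the bind for the owner too
            echo "FAIL $port: mode $mode gives the owner no execute access"
            bad=1
        fi
        if [ "$bad" -eq 0 ]; then
            echo "OK   $port: only $user may bind (mode $mode)"
        else
            rc=1
        fi
    done
    return "$rc"
}

# Usage, with the values from this article:
#   audit_byport /etc/authbind/byport testuser
```
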

 

The other option is to set up Linux port redirection.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443

In the above example, root runs the iptables command, which redirects port 443 to a non-privileged port such as 8443.

Set the port to 8443 in application.yml; the non-root user can then bring up the GitBridge application on the non-privileged port.

With this option, all incoming TCP traffic for port 443 on eth0 is redirected to port 8443, so from outside the GitBridge application appears to be running on port 443.