LINUX: How to use privileged/root ports (ports below 1024) as an unprivileged user running Mercury rather than utilizing port forwarding to higher ports.
---------------------------------------------
These instructions are for Ubuntu server 14.04.4 32bit with a minimal install of the MATE desktop environment. You may have to make instruction alterations to meet the requirements of your linux release, flavor and desktop environment.
For the sake of simplicity the unprivileged user in this tutorial will be steve. The default ***LINUX*** path to Mercury's home will be /lmc/D/Mercury. You MUST adjust the unprivileged user and LINUX path to your Mercury to fit your situation. I won't be mentioning this again.
Most of this setup work is done in a non-root terminal. In a couple of instances a text editor is called to edit files. I use MATE's pluma text editor when possible. Substitute your desired/available text editor in those instances.
---------------------------------------------
Step 1: privbind
Per the website: https://github.com/JiriHorky/privbind
"Privbind is a small tool allowing secure running of unprivileged programs, but allowing them to bind to privileged (<1024) TCP/UDP ports. Privbind has a secure design, with no SUID executables and no daemons."
Known to work on 2.6 kernel or better. uname -r in a terminal will display the kernel you're using.
Installation:
sudo apt-get install privbind
To manually run privbind:
sudo privbind -u steve wine /lmc/D/Mercury/mercury.exe
This will start Mercury by unprivileged user steve and allow you to configure Mercury to utilize port 25, 587, 110, etc.
---------------------------------------------
Auto-Starting:
You are probably going to want to automatically start Mercury at startup and maybe have a desktop or panel launcher, etc. That can be done utilizing the manual start command given above but there is a caveat. Steve starts Mercury with the command but root is required to run privbind to initiate that Mercury start. That requires sudo and sudo requires a password. An entry can be made in /etc/sudoers that allows steve to run a specific command without a password being entered for sudo.
Here's How:
sudo pluma /etc/sudoers
Add this after your other sudo user rules:
steve ALL=(ALL:ALL) NOPASSWD:/usr/sbin/privbind -u steve wine /lmc/D/Mercury/mercury.exe
Now, you can use the command ---
sudo privbind -u steve wine /lmc/D/Mercury/mercury.exe
--- as the command in a desktop or panel launcher or Startup Applications entry because a password is no longer asked for for that specific command when run by steve.
-----------------------------
That's about it.
I am not going to go into how to make launchers, Startup Applications, etc. Google is your friend.
*** Don't forget to update your firewall rules to open up the new ports you plan to use.***
<p>LINUX: How to use privileged/root ports (ports below 1024) as an unprivileged user running Mercury rather than utilizing port forwarding to higher ports.
---------------------------------------------
These instructions are for Ubuntu server 14.04.4 32bit with a minimal install of the MATE desktop environment. You may have to make instruction alterations to meet the requirements of your linux release, flavor and desktop environment.
For the sake of simplicity the unprivileged user in this tutorial will be steve. The default ***LINUX*** path to Mercury's home will be /lmc/D/Mercury. You MUST adjust the unprivileged user and LINUX path to your Mercury to fit your situation. I won't be mentioning this again.
Most of this setup work is done in a non-root terminal. In a couple of instances a text editor is called to edit files. I use MATE's pluma text editor when possible. Substitute your desired/available text editor in those instances.
---------------------------------------------
Step 1: privbind
Per the website: <a mce_href="https://github.com/JiriHorky/privbind" href="https://github.com/JiriHorky/privbind">https://github.com/JiriHorky/privbind</a>
"Privbind is a small tool allowing secure running of unprivileged programs, but allowing them to bind to privileged (&lt;1024) TCP/UDP ports. Privbind has a secure design, with no SUID executables and no daemons."
Known to work on 2.6 kernel or better. uname -r in a terminal will display the kernel you're using.
Installation:
sudo apt-get install privbind
To manually run privbind:
sudo privbind -u steve wine /lmc/D/Mercury/mercury.exe
This will start Mercury by unprivileged user steve and allow you to configure Mercury to utilize port 25, 587, 110, etc.
---------------------------------------------
Auto-Starting:
You are probably going to want to automatically start Mercury at startup and maybe have a desktop or panel launcher, etc. That can be done utilizing the manual start command given above but there is a caveat. Steve starts Mercury with the command but root is required to run privbind to initiate that Mercury start. That requires sudo and sudo requires a password. An entry can be made in /etc/sudoers that allows steve to run a specific command without a password being entered for sudo.
Here's How:
sudo pluma /etc/sudoers
Add this after your other sudo user rules:
steve ALL=(ALL:ALL) NOPASSWD:/usr/sbin/privbind -u steve wine /lmc/D/Mercury/mercury.exe
Now, you can use the command ---
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sudo privbind -u steve wine /lmc/D/Mercury/mercury.exe
--- as the command in a desktop or panel launcher or Startup Applications entry because a password is no longer asked for for that specific command when run by steve.&nbsp;
-----------------------------
That's about it.
I am not going to go into how to make launchers, Startup Applications, etc. Google is your friend.
*** Don't forget to update your firewall rules to open up the new ports you plan to use.***
</p>