SELECT
‘#bicycle 🚴♂️’
,‘#databases’
,‘#sql’
,‘#selfhosting’
,‘#Linux 🐧’
,‘Team vi’
,‘#mdRzA’
,‘Generation X’
FROM life
WHERE 0 = 0
;
@SinTan1729 Thank you, now I can better understand why you want to avoid to open the privileged ports for non-root users which makes sense for your scenario.
I’m in the easy situation, that I don’t have to think about such a scenario, because my selfhosting system is exclusive for me.
@SinTan1729 How many user do you have on your machine, which could open and run a service on a privileged port?
And when there is no application, which is providing a service on a privileged port, then there is no security issue from my point of view.
And if you want to get absolutely secure, then you can restrict the access only to specific ports based on firewall rules.
https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands#how-to-allow-all-incoming-http-and-https
@SinTan1729 Using privileged ports can be activated with a sysctl setting:
https://access.redhat.com/solutions/7044059
I don’t know the exact agreement with your friends, but to avoid security issues I personally would use following way:
- deny usage of all ports by firewall
- allow only necessary ports by firewall
- enable privileged ports by sysctl
So it reduces additional layers and complexity.
If one of your friends would provide a service on a specific port it has to be discussed with you.
And if this is a privileged port, it is also possible.
Or you can handle e.g. a web request with a rule in caddy.