On Fri, 2006-10-27 at 23:44 -0400, James Stickland wrote:
> Hello, I'm running OpenSSH 4.4p1 for Linux
>
> I setuid the sshd binary to execute as a normal user "joe"
> but that user does not have permission to bind the socket.
>
> How can I have my sshd run as non-root, yet still bind the socket?

Only root can bind to ports < 1024. So if ssh is going to become non-root, it must start as root and then drop its privileges after it binds to the port. Further, it needs the ability to setuid() to the user who logs in.

If you're wanting to understand or control the user OpenSSH runs as, look at its privilege separation capabilities. Not sure if they're available in non-OpenBSD OpenSSH, but they should be the tool for what you're wanting.

- Michael
