Why don't particular flavors of the OS allow for < 1024 to be non-root?
Lukas
Because then ANYONE with a user account could bind a service to those ports. Then, to protect your server and your users, your only recourse would be to prevent any user accounts on the server EXCEPT root (because you couldn't trust anyone else), which would completely defeat the whole purpose of a MULTI-USER system.
Sure, it's a GREAT idea to let ANYONE bind a homegrown version of sshd to port 22, that does nothing but log user accounts and passwords from people trying to log in, but instead of doing anything else simply returns an innocuous message like "server's key is invalid" or something like that. Ditto a home-grown version of Apache. If you're the sys-admin, how would you be able to trust the version of httpd that was on your system? How would you know it didn't have a trojan or something? You wouldn't, because anyone would be able to bind a service called "httpd" to port 80.
Think about it.
John
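
Added example, not part of the original messages: a small audit for the situation the reply describes, listing listening TCP sockets on ports below 1024 that are owned by a non-root UID. It assumes the Linux `/proc/net/tcp` layout; the sample rows are constructed and the function names are hypothetical.

```python
# Added example: find non-root listeners on privileged ports (< 1024).
PRIVILEGED_PORT_LIMIT = 1024   # ports below this traditionally need root to bind
TCP_LISTEN = "0A"              # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21001 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 21002 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 21003 1 0000000000000000 100 0 0 10 0
   3: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 21004 1 0000000000000000 100 0 0 10 0
"""

def listeners(table):
    """Yield (port, uid, inode) for every socket in LISTEN state."""
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != TCP_LISTEN:
            continue
        port = int(f[1].rsplit(":", 1)[1], 16)   # local_address is HEXIP:HEXPORT
        yield port, int(f[7]), int(f[9])         # f[7] = owning uid, f[9] = inode

def non_root_privileged(table):
    """Return listeners on ports < 1024 whose owning UID is not 0."""
    return [(p, u, i) for p, u, i in listeners(table)
            if p < PRIVILEGED_PORT_LIMIT and u != 0]

def read_proc(path="/proc/net/tcp"):
    """Read the live IPv4 table; /proc/net/tcp6 uses the same columns."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return None   # not Linux, or /proc unavailable

if __name__ == "__main__":
    table = read_proc() or SAMPLE
    for port, uid, inode in non_root_privileged(table):
        print(f"port {port} is held by uid {uid} (socket inode {inode})")
```

A hit is something to reconcile against the services you expect: a daemon granted `CAP_NET_BIND_SERVICE`, or a lowered `net.ipv4.ip_unprivileged_port_start`, will also show up here.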
