Security

SUID - running as non root but use port 80

Explorer

I wanted to splunk searchead to run as nonroot but to use port 80. I tried to suid on splunk binary but it's having problems finding the libaries. I setup LD_LIBRARY_PATH but it's not using external LD_LIBRARY_PATH. Is there a way to set LD_LIBRARY_PATH before starting splunk?

I used following commands for suid.
chown root /opt/splunk/bin/splunk
chmod 4755 /opt/splunk/bin/splunk

Thanks,
Thiru.

Tags (1)

Legend

Splunk will need root privileges to be able to listen to port 80. You could either mess around with suid bits and in the end miss the point of why you'd want Splunk not to run as root anyway, or you could have Splunk run completely as non-root and use iptables for redirecting incoming traffic on port 80 to whatever non-privileged port you configure Splunk to use.

For instance, with Splunk listening to port 8000:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8000
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!