Privileged ports for running local services
To prevent regular users from running servers at specific ports, these ports can be designated as privileged.
Normally any user can open any port above 1024. For example, a user could run a server on port 8080, which is quite often used for Web proxies, or on port 1080, where one typically finds a SOCKS server. The dacinet setpriv command can be used to add privileged ports to the running system. Ports that are to be designated as privileged when the system starts have to be listed in /etc/security/priv.
Ports can be listed in this file either with their symbolic name as defined in /etc/services or by specifying the port number. The following entries would prevent non-root users from running SOCKS servers or Lotus Notes servers on their usual ports:
1080
lotusnote
Note: This feature does not prevent the user from running the programs. It only prevents the user from running the services at the well-known ports where those services are typically expected.