What account permissions are needed to allow a user program to access the network?

I have a small Python demo program that is trying to set up a server socket and respond to simple telnet requests.

import time
import socket  # Import socket module

# display a message on the console
def log(line):
    "Display a message on the console with the current date and time"
    localtime = time.asctime(time.localtime(time.time()))
    print(localtime, line)
    return

# ----- main program -----

s = socket.socket()  # Create a socket object
host = socket.gethostname()  # Get local machine name
hostAddress = socket.gethostbyname(host)
port = 23  # Reserve a port for your service.
log(f"Binding host: {host} at address: {hostAddress} to port: {port}")
s.bind(("0.0.0.0", port))  # Bind to the port

s.listen(5)  # Now wait for client connection.
receivedData = "waiting"
while len(receivedData) > 0:
    log("Waiting for input...")
    c, addr = s.accept()  # Establish connection with client.
    log(f"Got connection from: {addr}")
    receivedData = ""
    receivedByte = c.recv(1)
    # Read one byte at a time until newline or the client disconnects
    while len(receivedByte) > 0 and receivedByte not in b'\n':
        receivedData = receivedData + receivedByte.decode("utf-8")
        log(f"Received byte: {receivedByte.decode('utf-8')}")
        receivedByte = c.recv(1)
    if len(receivedData) > 1 and receivedData not in "\n":
        log(f"Received data string: {receivedData}")
        c.send(bytes(f"Thank you for sending me: {len(receivedData)} bytes\r\n", "utf-8"))
    else:
        c.send(bytes(f"That's all folks!\r\n", "utf-8"))
        receivedData = ""  # terminate main listening loop
    c.close()  # Close the connection

log("Program exiting")
s.close()  # that's all folks!

It works perfectly on Windows but fails on Linux because it isn't allowed to use the network. I tried adding the user account I am running it from to the "netdev" group, but it still can't run successfully and produces the following error:

Traceback (most recent call last):
  File "/home/david2/python programs/socketTest.py", line 18, in <module>
    s.bind(("0.0.0.0", port)) # Bind to the port
PermissionError: [Errno 13] Permission denied

So what do I need to do to allow my user account to run programs which can directly access the primitive network functions? Aside from the "netdev" group, I don't see any other groups that look like they would have anything to do with these permissions. Thanks for any assistance you can provide!

TLDR: account permissions needed are root for low-numbered ports; any user can access ports 1024+.

In Linux, all ports numbered below 1024 are privileged, and access has to be suid or made by root. You can 1) use a higher numbered port, preferably one not already "allocated" to another program, 2) redirect traffic to/from your low port to a high port using iptables, 3) run your program as root (probably not a good idea--you're eliminating all protections if something goes wrong), or 4) figure out how to securely and safely do a suid setup.

Port 23 is reserved for telnet. Any other software connecting is going to expect to connect to telnet (or something functionally like it) at that port. If you're on an isolated host, testing should be fine, but it seems a huge security risk to expose an open port 23 to the internet, or perhaps even to a multi-user local network. A software firewall on the same host does not count as protection.

One caveat: I'm neither a network guru nor a professional coder--just a sysadmin.

1 Like
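An added example (not code from either poster) of the first option in the answer above: check where unprivileged ports begin on this host, then try the low port and fall back to a high one when `bind()` raises the `PermissionError` shown in the question. The helper names, the fallback port 8023 and the loopback bind address are assumptions for illustration; the file read is the Linux `net.ipv4.ip_unprivileged_port_start` sysctl (kernel 4.11 and later), which defaults to 1024.

```python
import os
import socket

# Linux sysctl net.ipv4.ip_unprivileged_port_start (kernel 4.11+), default 1024.
SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"

def unprivileged_port_start(path=SYSCTL):
    """Lowest port a non-root process may bind; 1024 if the sysctl is unreadable."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return 1024

def needs_privilege(port, start=None, euid=None):
    """True if binding `port` is expected to fail with EACCES for this user."""
    start = unprivileged_port_start() if start is None else start
    euid = os.geteuid() if euid is None else euid
    # Port 0 asks the kernel for an ephemeral port, which is never privileged.
    return euid != 0 and 0 < port < start

def bind_listener(preferred, fallback, host="127.0.0.1"):
    """Try `preferred`; on PermissionError retry on `fallback` (hypothetical helper).

    Binds to loopback by default so a test service is not exposed on the network.
    """
    for port in (preferred, fallback):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.bind((host, port))
        except OSError as exc:
            s.close()
            if isinstance(exc, PermissionError):
                continue  # same error as the traceback in the question
            raise         # e.g. address already in use: report it unchanged
        s.listen(5)
        return s
    raise PermissionError(f"cannot bind {preferred} or {fallback} as this user")

if __name__ == "__main__":
    print("unprivileged ports start at", unprivileged_port_start())
    print("port 23 needs privilege:", needs_privilege(23))
    srv = bind_listener(23, 8023)  # 8023 is an arbitrary unprivileged port
    print("listening on", srv.getsockname())
    srv.close()
```

Run as an ordinary user on a default Linux configuration, this ends up listening on 127.0.0.1:8023; a client would then connect with `telnet 127.0.0.1 8023`.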

Thanks - that's a very helpful explanation! As the simplest solution, I'll try a higher port number to see if that will get past the bind() error.