我想在 Debian Lenny 上从 chroot jail 中运行 dhcpd3。目前,我可以在 jail 中以 root 身份运行它。
现在我想以非 root 用户身份运行它(类似 BIND 的 “-u blah -t /path/to/jail” 选项)。
如果我这样启动进程:
start-stop-daemon --chroot /home/jails/dhcp --chuid dhcp \
    --start --pidfile /home/jails/dhcp/var/run/dhcp.pid --exec /usr/sbin/dhcpd3
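就会卡在以下错误上:
Internet Systems Consortium DHCP Server V3.1.1
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Unable to create icmp socket: Operation not permitted
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.
Open a socket for LPF: Operation not permitted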
strace:
brk(0)=0x911b000 fcntl64(0,F_GETFD) = 0 fcntl64(1,F_GETFD) = 0 fcntl64(2,F_GETFD) = 0 access("/etc/suid-debug", F_OK) = -1 ENOENT (没有此文件或目录) access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (没有此文件或目录) mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb775d000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (没有此文件或目录) open("/etc/ld.so.cache", O_RDONLY) = -1 ENOENT (没有此文件或目录) open("/lib/tls/i686/cmov/libc.so.6", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/lib/tls/i686/cmov", 0xbfc2ac84) = -1 ENOENT (没有此文件或目录) open("/lib/tls/i686/libc.so.6", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/lib/tls/i686", 0xbfc2ac84) = -1 ENOENT (没有此文件或目录) open("/lib/tls/cmov/libc.so.6", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64(“/lib/tls/cmov”, 0xbfc2ac84) = -1 ENOENT (没有此文件或目录) open("/lib/tls/libc.so.6", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64(“/lib/tls”,0xbfc2ac84) = -1 ENOENT(没有此文件或目录) open("/lib/i686/cmov/libc.so.6", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/lib/i686/cmov", 0xbfc2ac84) = -1 ENOENT (没有此文件或目录) open("/lib/i686/libc.so.6", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/lib/i686", 0xbfc2ac84) = -1 ENOENT (没有此文件或目录) open("/lib/cmov/libc.so.6", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/lib/cmov", 0xbfc2ac84) = -1 ENOENT (没有此文件或目录) 打开(“/lib/libc.so.6”,O_RDONLY)= 3 读取(3,“\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260e\1\0004\0\0\0t” ...,512)= 512 fstat64 (3,{st_mode=S_IFREG|0755,st_size=1294572,...}) = 0 mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb775c000 mmap2(NULL,1300080,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_DENYWRITE,3,0) = 0xb761e000 mmap2(0xb7756000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x138) = 0xb7756000 mmap2(0xb7759000, 9840, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7759000 关闭(3)= 0 mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb761d000 设置线程区域({entry_number:-1 -> 
6,base_addr:0xb761d6b0,限制:1048575,seg_32bit:1,内容:0,read_exec_only:0,limit_in_pages:1,seg_not_present:0,可用:1})= 0 mprotect(0xb7756000, 4096, PROT_READ) = 0 打开(“/dev/null”,O_RDWR) = 3 关闭(3)= 0 brk(0)=0x911b000 brk(0x913c000)=0x913c000 套接字(PF_FILE,SOCK_DGRAM,0)= 3 fcntl64(3,F_SETFD,FD_CLOEXEC) = 0 连接(3,{sa_family = AF_FILE,路径“ / dev / log” ...},110)= 0 时间(空)= 1284760816 打开(“/etc/localtime”, O_RDONLY) = 4 fstat64(4,{st_mode=S_IFREG|0644,st_size=2945,...}) = 0 fstat64(4,{st_mode=S_IFREG|0644,st_size=2945,...}) = 0 mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb761c000 读取(4,“TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\f\0\0\0\f\0\0\0\0\0”...,4096)= 2945 _llseek(4,-28,[2917],SEEK_CUR) = 0 读取(4,“\nCET-1CEST,M3.5.0,M10.5.0/3\n”...,4096)= 28 关闭(4)= 0 munmap(0xb761c000, 4096) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0 发送(3,“9 月 18 日 00:00:16 dhcpd:实习生”...,73,MSG_NOSIGNAL)= 73 写入(2,“Internet 系统联盟 DHCP”...,46Internet 系统联盟 DHCP 服务器 V3.1.1)= 46 写入(2,“\n”...,1 )= 1 时间(空)= 1284760816 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0 发送(3,“9 月 18 日 00:00:16 dhcpd:Copyri”...,75,MSG_NOSIGNAL)= 75 写入(2,“版权所有 2004-2008 互联网系统”...,48版权所有 2004-2008 互联网系统联盟。)= 48 写入(2,“\n”...,1 )= 1 时间(空)= 1284760816 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0 发送(3,“9 月 18 日 00:00:16 dhcpd:所有 ri”...,47,MSG_NOSIGNAL)= 47 写入(2,“保留所有权利。”...,20保留所有权利。)= 20 写入(2,“\n”...,1 )= 1 时间(空)= 1284760816 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0 发送(3,“9 月 18 日 00:00:16 dhcpd: For in”...,77,MSG_NOSIGNAL)= 77 write(2, "有关信息,请访问 http://www"..., 50有关信息,请访问 http://www.isc.org/sw/dhcp/) = 50 写入(2,“\n”...,1 )= 1 套接字(PF_FILE, SOCK_STREAM, 0) = 4 fcntl64(4,F_SETFL,O_RDWR|O_NONBLOCK) = 0 连接(4,{sa_family = AF_FILE,path =“/ var / run / nscd / socket” ...},110)= -1 ENOENT(没有这样的文件或目录) 关闭(4)= 0 套接字(PF_FILE, SOCK_STREAM, 0) = 4 fcntl64(4,F_SETFL,O_RDWR|O_NONBLOCK) = 0 连接(4,{sa_family = AF_FILE,path 
=“/ var / run / nscd / socket” ...},110)= -1 ENOENT(没有这样的文件或目录) 关闭(4)= 0 打开(“/etc/nsswitch.conf”, O_RDONLY) = 4 fstat64(4,{st_mode=S_IFREG|0644,st_size=475,...}) = 0 mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb761c000 读取(4,“# /etc/nsswitch.conf\n#\n# 示例“...,4096)= 475 读取(4,“”...,4096)= 0 关闭(4)= 0 munmap(0xb761c000, 4096) = 0 open("/lib/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) open("/usr/lib/tls/i686/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/usr/lib/tls/i686/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/usr/lib/tls/i686/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/usr/lib/tls/i686", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/usr/lib/tls/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/usr/lib/tls/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/usr/lib/tls/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64(“/usr/lib/tls”,0xbfc2ad5c) = -1 ENOENT(没有此文件或目录) open("/usr/lib/i686/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/usr/lib/i686/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/usr/lib/i686/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/usr/lib/i686", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/usr/lib/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/usr/lib/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/usr/lib/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/usr/lib",0xbfc2ad5c) = -1 ENOENT(没有此文件或目录) open("/lib/i486-linux-gnu/tls/i686/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/lib/i486-linux-gnu/tls/i686/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/lib/i486-linux-gnu/tls/i686/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/lib/i486-linux-gnu/tls/i686", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/lib/i486-linux-gnu/tls/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64(“/lib/i486-linux-gnu/tls/cmov”,0xbfc2ad5c) = -1 ENOENT(没有此文件或目录) 
open("/lib/i486-linux-gnu/tls/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64(“/lib/i486-linux-gnu/tls”,0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/lib/i486-linux-gnu/i686/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/lib/i486-linux-gnu/i686/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/lib/i486-linux-gnu/i686/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/lib/i486-linux-gnu/i686", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/lib/i486-linux-gnu/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64(“/lib/i486-linux-gnu/cmov”,0xbfc2ad5c) = -1 ENOENT(没有此文件或目录) open("/lib/i486-linux-gnu/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64(“/lib/i486-linux-gnu”,0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/usr/lib/i486-linux-gnu/tls/i686/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/usr/lib/i486-linux-gnu/tls/i686/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/usr/lib/i486-linux-gnu/tls/i686/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/usr/lib/i486-linux-gnu/tls/i686", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/usr/lib/i486-linux-gnu/tls/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/usr/lib/i486-linux-gnu/tls/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/usr/lib/i486-linux-gnu/tls/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64(“/usr/lib/i486-linux-gnu/tls”,0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/usr/lib/i486-linux-gnu/i686/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/usr/lib/i486-linux-gnu/i686/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/usr/lib/i486-linux-gnu/i686/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/usr/lib/i486-linux-gnu/i686", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/usr/lib/i486-linux-gnu/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) stat64("/usr/lib/i486-linux-gnu/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) open("/usr/lib/i486-linux-gnu/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录) 
stat64("/usr/lib/i486-linux-gnu", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录) 打开(“/lib/libnss_files.so.2”,O_RDONLY)=4 读取(4,“\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\30\0\0004\0\0\0\250” ...,512)= 512 fstat64 (4,{st_mode=S_IFREG|0644,st_size=38408,...}) = 0 mmap2(NULL,41624,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_DENYWRITE,4,0) = 0xb7612000 mmap2(0xb761b000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE,4,0x8) = 0xb761b000 关闭(4)= 0 打开(“/etc/services”, O_RDONLY|O_CLOEXEC) = 4 fcntl64(4,F_GETFD) = 0x1 (标志 FD_CLOEXEC) fstat64 (4,{st_mode=S_IFREG|0644,st_size=18480,...}) = 0 mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb7611000 read(4, "# 网络服务, 互联网风格"..., 4096) = 4096 读取(4,“9/tcp\t\t\t\t# 快速邮件传输协议”...,4096)= 4096 读取(4,“note\t1352/tcp\tlotusnotes\t# Lotus”...,4096)= 4096 读取(4,“tion\nafs3-kaserver\t7004/udp\nafs3-”...,4096)= 4096 读取(4,“backup\t2989/tcp\t\t\t# Afmbackup sys”...,4096)= 2096 读取(4,“”...,4096)= 0 关闭(4)= 0 munmap(0xb7611000, 4096) = 0 时间(空)= 1284760816 打开(“/etc/protocols”,O_RDONLY|O_CLOEXEC) = 4 fstat64(4,{st_mode=S_IFREG|0644,st_size=2626,...}) = 0 mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb7611000 读取(4,“# Internet(IP)协议\n#\n# Upd”...,4096)= 2626 关闭(4)= 0 munmap(0xb7611000, 4096) = 0 socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) = -1 EPERM(操作不允许) 时间(空)= 1284760816 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0 发送(3,“9 月 18 日 00:00:16 dhcpd:无法”...,80,MSG_NOSIGNAL)= 80 写入(2,“无法创建 icmp 套接字:Ope”...,53无法创建 icmp 套接字:操作不允许)= 53 写入(2,“\n”...,1 )= 1 打开(“/etc/dhcp3/dhcpd.conf”,O_RDONLY)= 4 lseek (4,0,SEEK_END) = 1426 lseek (4,0,SEEK_SET) = 0 读取(4,“#----------------------------\n# G”...,1426)= 1426 关闭(4)= 0 mmap2(NULL,401408,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb75b0000 mmap2(NULL,401408,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb754e000 mmap2(NULL,401408,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb74ec000 brk(0x916f000)=0x916f000 
关闭(3)= 0 套接字(PF_FILE,SOCK_DGRAM,0)= 3 fcntl64(3,F_SETFD,FD_CLOEXEC) = 0 连接(3,{sa_family = AF_FILE,路径“ / dev / log” ...},110)= 0 时间(空)= 1284760816 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0 发送(3,“9 月 18 日 00:00:16 dhcpd:Inter”...,74,MSG_NOSIGNAL)= 74 时间(空)= 1284760816 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0 发送(3,“9 月 18 日 00:00:16 dhcpd:Copyr”...,76,MSG_NOSIGNAL)= 76 时间(空)= 1284760816 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0 发送(3,“9 月 18 日 00:00:16 dhcpd:全部 r”...,48,MSG_NOSIGNAL)= 48 时间(空)= 1284760816 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0 发送(3,“9 月 18 日 00:00:16 dhcpd: 对于 i”...,78,MSG_NOSIGNAL)= 78 打开(“/var/lib/dhcp3/dhcpd.leases”,O_RDONLY)= 4 lseek (4,0,SEEK_END) = 126 lseek (4,0,SEEK_SET) = 0 read(4, "# 该文件的格式是 docu"..., 126) = 126 关闭(4)= 0 打开(“/var/lib/dhcp3/dhcpd.leases”,O_WRONLY|O_CREAT|O_APPEND,0666)= 4 fstat64(4,{st_mode=S_IFREG|0644,st_size=126,...}) = 0 mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb74eb000 fstat64(4,{st_mode=S_IFREG|0644,st_size=126,...}) = 0 _llseek(4, 126, [126],SEEK_SET) = 0 时间(空)= 1284760816 时间(空)= 1284760816 打开(“/var/lib/dhcp3/dhcpd.leases.1284760816”,O_WRONLY|O_CREAT|O_TRUNC,0664)= 5 fcntl64(5,F_GETFL) = 0x1 (标志 O_WRONLY) fstat64(5,{st_mode=S_IFREG|0644,st_size=0,...}) = 0 mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb74ea000 _llseek(5,0,[0],SEEK_CUR) = 0 关闭(4)= 0 munmap(0xb74eb000, 4096) = 0 时间(空)= 1284760816 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0 发送(3,“9 月 18 日 00:00:16 dhcpd:写入”...,70,MSG_NOSIGNAL)= 70 写入(2,“将 0 个已删除的主机声明写入 leas 文件”...,42将 0 个已删除的主机声明写入 leases 文件。)= 42 写入(2,“\n”...,1 )= 1 时间(空)= 1284760816 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0 发送(3,“9 月 18 日 00:00:16 dhcpd:写入”...,74,MSG_NOSIGNAL)= 74 write(2, “将 0 个新的动态主机声明写入”..., 46将 0 个新的动态主机声明写入 leases 文件。) = 46 写入(2,“\n”...,1 )= 1 
时间(空)= 1284760816 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0 发送(3,“9 月 18 日 00:00:16 dhcpd:写入”...,58,MSG_NOSIGNAL)= 58 write(2, “将 0 个租约写入租约文件。”..., 30将 0 个租约写入租约文件。) = 30 写入(2,“\n”...,1 )= 1 write(5, "# 该文件的格式是 docu"..., 126) = 126 fsync(5)= 0 取消链接(“/var/lib/dhcp3/dhcpd.leases~”)= 0 链接(“/var/lib/dhcp3/dhcpd.leases”,“/var/lib/dhcp3/dhcpd.leases~”)= 0 重命名(“/var/lib/dhcp3/dhcpd.leases.1284760816”,“/var/lib/dhcp3/dhcpd.leases”)= 0 套接字(PF_INET,SOCK_DGRAM,IPPROTO_UDP)=4 ioctl(4,SIOCGIFCONF,{0 -> 64,NULL}) = 0 ioctl(4,SIOCGIFCONF,{64,{{“lo”,{AF_INET,inet_addr(“127.0.0.1”)}},{“eth0”,{AF_INET,inet_addr(“192.168.0.10”)}}}}) = 0 ioctl(4,SIOCGIFFLAGS,{ifr_name="lo",ifr_flags=IFF_UP|IFF_LOOPBACK|IFF_RUNNING})= 0 ioctl(4,SIOCGIFFLAGS,{ifr_name="eth0",ifr_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST})= 0 ioctl(4,SIOCGIFHWADDR,{ifr_name="eth0",ifr_hwaddr=00:c0:26:87:55:c0})= 0 socket(PF_PACKET, SOCK_PACKET, 768) = -1 EPERM (操作不允许) 时间(空)= 1284760816 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0 发送(3,“9 月 18 日 00:00:16 dhcpd:打开”...,74,MSG_NOSIGNAL)= 74 write(2, "为 LPF 打开套接字:操作 "..., 46为 LPF 打开套接字:操作不允许) = 46 写入(2,“\n”...,1 )= 1 退出组(1)=?
我知道 dhcpd 需要在端口 67 上创建套接字……但我不知道如何通过 chroot 为它授权。
有什么想法吗?
答案1
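要绑定到 <1024 的端口,通常需要超级用户权限,或者具有 CAP_NET_BIND_SERVICE 能力(请参阅 capabilities(7))。
您可以使用 setcap 实用程序(libcap2-bin 软件包)授予 CAP_NET_BIND_SERVICE。
注意:上面的 strace 中返回 EPERM 的两个调用是 socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) 和 socket(PF_PACKET, SOCK_PACKET, 768);根据 capabilities(7),创建 RAW 和 PACKET 套接字需要的是 CAP_NET_RAW,因此仅授予 CAP_NET_BIND_SERVICE 不足以消除这两个错误。用 setcap 设置的文件能力对任何能执行该二进制文件的用户都生效,所以应只授予所需的最小能力集,并把该文件的执行权限限制在服务账户范围内。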