Allow/Deny a user from binding a range of ports
Solution 1:
Based on the article I'm attaching, you have a few possible options, and you can combine them:
- SELinux - As was stated earlier, you might have to set a policy to restrict this to specific processes, such as bind system calls and the like.
- GRSecurity - The article states that you would have to make this application-specific, so I'm wondering whether defining the application as the user's shell (i.e. /bin/bash) might work.
There are others listed that seem to fall in line with GRSecurity, but if you do pursue GRSecurity you need to make sure that your kernel has it enabled.
How can I restrict ports for users to bind to?
Solution 2:
One approach would be to run portreserve, which can be found in Ubuntu. This allows you to bind to the ports, which would then be reserved, disallowing anyone else from binding to them.
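
The bind-and-hold mechanism that Solution 2 relies on, as an added example that is not part of the original answers and is not portreserve's code: a holder process binds the ports without listening, and every other bind fails with EADDRINUSE until the holder releases them. The function names are hypothetical and the ports are kernel-chosen on 127.0.0.1; note that this blocks all users alike, so it is a reservation for one service rather than a per-user allow/deny rule.

```python
import errno
import socket


def reserve(ports, host="127.0.0.1"):
    """Bind each TCP port without listening and keep the sockets open.

    Returns {actual_port: socket}. Port 0 asks the kernel for any free port.
    SO_REUSEADDR is deliberately left unset on the holding socket.
    """
    held = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.bind((host, port))
        except OSError:
            s.close()  # already taken by someone else; skip it
            continue
        held[s.getsockname()[1]] = s
    return held


def try_bind(port, host="127.0.0.1", reuseaddr=False):
    """Return None if a fresh socket can bind the port, else the errno name."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if reuseaddr:
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((host, port))
        return None
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        s.close()


def release(held, port):
    """Close the holding socket so the intended service can bind the port."""
    held.pop(port).close()


if __name__ == "__main__":
    held = reserve([0, 0, 0])  # constructed sample: three kernel-chosen ports
    for port in sorted(held):
        print(port, "plain bind:", try_bind(port),
              "| with SO_REUSEADDR:", try_bind(port, reuseaddr=True))
    first = sorted(held)[0]
    release(held, first)
    print(first, "after release:", try_bind(first))
```

On Linux, setting SO_REUSEADDR on the second socket does not get around the reservation, because the holding socket did not set it as well.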