Allow/Deny a user from binding a range of ports

networking permissions

Solution 1:

Based on the article I'm attaching you have a few possible options and you can combine them:

  1. SELinux - As was stated earlier you might have to set a policy to restrict this to specific processes such as bind system calls and the like.
  2. GRSecurity - The article is stating that you would have to make this application specific so I'm wondering if you just defined the application as the users shell (i.e. /bin/bash) this might work.

There are others listed that seem to fall in line with GRSecurity, but if you do pursue GRSecurity you need to make sure that your kernel has it enabled.

How can I restrict ports for users to bind to?

Solution 2:

One approach would be to run port reserve which can be found in ubuntu, this allows you to bind to the ports which would then be reserved disallowing anyone else to bind to them.

Related

Why is there no guayadeque in 16.04?
Choppy Video playback on Ubuntu 20.04
Using NX with Unity in 11.10
How to lock desktop icons on XFCE
BIOS does not detect SSD after reboot from ubuntu 16.04 (Dell XPS 15)
status: Unable to connect to Upstart:
Initialising the Build Environment for Android on 64-bit 12.04
Where is the storage location of Ubuntu terminal in Windows 10? [duplicate]
how to install Wifi and Bluetooth drivers in ubuntu 12.04 lts [duplicate]
How to remove files hidden under /tmp mountpoint?
Data doesn't get transferred correctly to USB, why?
RTNETLINK answers: file exists - configure interface