Running IP server as non root on UNIX and Linux systems

Options for running as non root on UNIX and Linux systems describes two options that are used in conjunction with each other to run IP server as a server or as a service, as non root. These two options are only available on UNIX and Linux systems. These options are available for sm_server.
Options for running as non root on UNIX and Linux systems
Options
Descripiton
--privopen=<arg>[,<
arg
>]
This option is only used in conjuction with the --run-as-user option to run as non root.
Opens privileged sockets. The <
arg
> parameter has the following syntax:
<type>[:<
family
>]:<
port
>[,<
count
>]
where:
  • <
    type
    > is one of the following:
  • TCP (for a TCP connection)
  • UDP (for a datagram)
  • IP (for a raw socket)
  • <
    port
    > is one of the following:
  • The required privileged port for a TCP socket
  • The required privleged port for a UDP socket
  • The protocol for IP
  • <
    family
    > is one of the following:
  • :v4 (IPv4 address family)
  • :v6 (IPv6 address family)
  • If <
    family
    > is not specified, the address family defaults to IPv4.
  • <
    count
    > is the number of sockets of the type, family and port. The default count is 1.
--run-as-user=<
username
>
This option is only used in conjuction with the --privopen option to run as non root.
Specifies a valid user name.
The --privopen and --run-as-user options are used in conjunction to run a Domain Manager with non root privileges. The Domain Manager can startup as root, open privileged ports, and change to a non root user. You can open multiple ports by repeating the <arg> parameter. Each instance is separated by a comma (,). For example:
--privopen=UDP:v4:161,#2 --privopen=IP:1,#4 --privopen=IP:v6:58 --run-as-user=testuser1
In this example:
  • The first privopen line opens two UDP IPv4 sockets on port 161.
  • The second privopen line opens four raw IPv4 sockets for ICMP.
  • The third privopen line opens one raw IPv6: socket for ICMP.
    After the sockets are opened, the process will change to run as user, "testuser1".
    The following privileged port is required by the sm_server:
    port 162 (to listen to incoming traps).