Running as non root on UNIX and Linux systems

Additional options for running as non rooton UNIX and Linux systems describes two options that are used in conjunction with each other to run as non root. These two options are only available on UNIX and Linux systems. These options are available for the sm_server, brstart, and sm_adapter commands.

Table 1. Additional options for running as non rooton UNIX and Linux systems
Options	Description
--privopen=<arg>[,<arg>]	Note: This option is only used in conjuction with the --run-as-user option to run as non root. Opens privileged sockets. The <arg> parameter has the following syntax: <type>[:<family>]:<port>[,<count>] where: <type> is one of the following: TCP (for a TCP connection) UDP (for a datagram) IP (for a raw socket) <port> is one of the following: The required privileged port for a TCP socket The required privleged port for a UDP socket The protocol for IP <family> is one of the following: :v4 (IPv4 address family) :v6 (IPv6 address family) If <family> is not specified, the address family defaults to IPv4. <count> is the number of sockets of the type, family and port. The default count is 1.
--run-as-user=<username>	Note: This option is only used in conjuction with the --privopen option to run as non root. Specifies a valid user name.

The --privopen and --run-as-user options are used in conjunction to run a Domain Manager with non root privileges. The Domain Manager can startup as root, open privileged ports, and change to a non root user.

You can open multiple ports by repeating the <arg> parameter. Each instance is separated by a comma (,). For example:

--privopen=UDP:v4:161,2 
--privopen=IP:1,4 
--privopen=IP:v6:1 
--run-as-user=testuser1

In this example:

The first privopen line opens two UDP IPv4 sockets on port 161.
The second privopen line opens four raw IPv4 sockets for ICMP.
The third privopen line opens one raw IPv6: socket for ICMP.

After the sockets are opened, the process will change to run as user, "testuser1".