Restrict inbound access on localhost:TCP port

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












For reasons beyond my control, I have a binary that binds to TCP "localhost:$PORT". (Unix socket bindings would make this question moot).



If I understand correctly, this means that although no network machine can connect, other users on the machine (including unprivileged daemon users) can connect to this port.



Is there some way for me to specify that only binaries running as $me should be allowed to connect to this port? I can become root in order to specify the configuration, but the listening binary and the connecting binaries both run as the non-root $me user









share

























    up vote
    0
    down vote

    favorite












    For reasons beyond my control, I have a binary that binds to TCP "localhost:$PORT". (Unix socket bindings would make this question moot).



    If I understand correctly, this means that although no network machine can connect, other users on the machine (including unprivileged daemon users) can connect to this port.



    Is there some way for me to specify that only binaries running as $me should be allowed to connect to this port? I can become root in order to specify the configuration, but the listening binary and the connecting binaries both run as the non-root $me user









    share























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      For reasons beyond my control, I have a binary that binds to TCP "localhost:$PORT". (Unix socket bindings would make this question moot).



      If I understand correctly, this means that although no network machine can connect, other users on the machine (including unprivileged daemon users) can connect to this port.



      Is there some way for me to specify that only binaries running as $me should be allowed to connect to this port? I can become root in order to specify the configuration, but the listening binary and the connecting binaries both run as the non-root $me user









      share













      For reasons beyond my control, I have a binary that binds to TCP "localhost:$PORT". (Unix socket bindings would make this question moot).



      If I understand correctly, this means that although no network machine can connect, other users on the machine (including unprivileged daemon users) can connect to this port.



      Is there some way for me to specify that only binaries running as $me should be allowed to connect to this port? I can become root in order to specify the configuration, but the listening binary and the connecting binaries both run as the non-root $me user







      linux networking tcp port





      share












      share










      share



      share










      asked 4 mins ago









      Soumya

      21929




      21929

























          active

          oldest

          votes











          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f479012%2frestrict-inbound-access-on-localhosttcp-port%23new-answer', 'question_page');

          );

          Post as a guest



































          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f479012%2frestrict-inbound-access-on-localhosttcp-port%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?