By default, rundeck runs on ports 4440 / 4443.
Now, for security reasons which really ought to be obvious, I don't want this sensitive service binding to high-numbered ports. Once HTTPS is set up, that should ameliorate some of my concerns, but still…
Is there a way to have the rundeckd service bind to port 80 as root and then drop down to the rundeck user?
To be abundantly clear, I am not asking "How can I get rundeck to run on a different port?", because I can modify /etc/rundeck/profile and get it to run on any non-registered port just fine.
Best Answer
There is no out of the box solution for this as far as I can see. For what you want to achieve, the program should use Privilege separation:
As mentioned above, a process can call setuid(2) and setgid(2) to drop its privileges after starting as root.
And for all this to work you will possibly need to make fundamental changes to the rundeck code, if you are that desperate.
Please see: How and why Linux daemons drop privileges, and https://unix.stackexchange.com/questions/21282/drop-process-privileges
Or you can use authbind, which allows non-root programs to bind() to lower ports.
And for binding to another port according to Rundeck Installation guide: System properties, among others: