[deleted stuff about changing sockets so that they could be bound to
With regards to gid vs. uid -- is either one of these preferable for any
particular reason? gid may be more flexible, I guess, as it would allow
multiple users to bind the same ports, but without having rights to each
other's processes, and as such allow a simpler minimum configuration.
I think that if someone were to do this sort of thing then it should be
according to the normal UNIX rules: (READ,WRITE,EXECUTE)X(USER,GROUP,PUBLIC).
I'm not sure execute means anything in this context.
This gives you maximal control, and you just default to the current
behaviour. (I'd imagine a hash-table based implementation, which only
incurs overhead when there are changed permissions. No hit in the hash table
means default behaviour - open with port<1024 => fail for everyone except root.)
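
The hash-table scheme sketched in the last paragraph, as an added example that is not part of the original post. The names (`port_perm`, `may_bind`), the table size, and the choice that the "write" bit is the one granting bind are assumptions; only the caller's primary gid is checked.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>

#define NBUCKETS 64            /* hypothetical table size */
#define MAY_BIND 02            /* assumption: the "write" bit grants bind */

struct port_perm {             /* one override entry, chained per bucket */
    unsigned short port;
    uid_t uid;                 /* owning user of the port */
    gid_t gid;                 /* owning group of the port */
    unsigned mode;             /* rwx triplets, e.g. 0620 */
    struct port_perm *next;
};

static struct port_perm *table[NBUCKETS];

/* Register an override; ports without one keep the default rule. */
void port_perm_set(struct port_perm *e)
{
    struct port_perm **head = &table[e->port % NBUCKETS];
    e->next = *head;           /* newest entry for a port wins */
    *head = e;
}

static const struct port_perm *port_perm_find(unsigned short port)
{
    const struct port_perm *e = table[port % NBUCKETS];
    while (e && e->port != port)
        e = e->next;
    return e;
}

/* Decide whether a caller with (uid, gid) may bind to port. */
bool may_bind(unsigned short port, uid_t uid, gid_t gid)
{
    const struct port_perm *e = port_perm_find(port);

    if (uid == 0)
        return true;                            /* root is always allowed */
    if (!e)
        return port >= 1024;                    /* no hit: current behaviour */
    if (uid == e->uid)                          /* UNIX order: owner first, */
        return (e->mode & (MAY_BIND << 6)) != 0;
    if (gid == e->gid)                          /* then group, */
        return (e->mode & (MAY_BIND << 3)) != 0;
    return (e->mode & MAY_BIND) != 0;           /* then everyone else */
}
```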