I have a python script which gets packets from a remote machine and writes them (os.write(self.tun_fd.fileno(), ''.join(packet))) to a tun interface gr3:
Although not in the original question, I just want to expand this to the case of unix sockets for local interprocess communication, i.e. AF_UNIX. As seen in man unix 7:
In the Linux implementation, pathname sockets honor the permissions of the directory they are in. Creation of a new socket fails if the process does not have write and search (execute) permission on the directory in which the socket is created.
On Linux, connecting to a stream socket object requires write permission on that socket; sending a datagram to a datagram socket likewise requires write permission on that socket. POSIX does not make any statement about the effect of the permissions on a socket file, and on some systems (e.g., older BSDs), the socket permissions are ignored. Portable programs should not rely on this feature for security.
So look at the permissions on the socket directory if getting a PermissionError: [Errno 13] Permission denied on bind() for unix sockets.
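The directory and socket-file permission rules quoted above can be checked and applied from the script itself. The following is an added example (not code from the answer or the original question): it diagnoses why bind()/connect() on an AF_UNIX pathname socket would fail, and it creates a listener whose directory (0700) and socket file (0600) are restricted to the owning user, which is the other half of the unix(7) note: on Linux those bits decide who can connect. All paths are constructed under a temporary directory; the helper names are this example's own.

```python
import os
import socket
import stat
import tempfile


def diagnose_unix_socket_path(path):
    """Return a list of permission problems that would make bind()/connect()
    on an AF_UNIX pathname socket at `path` fail on Linux.

    Mirrors the unix(7) rules: creating the socket needs write+search on its
    directory; connecting/sending needs write permission on the socket file.
    """
    problems = []
    directory = os.path.dirname(path) or "."
    if not os.path.isdir(directory):
        problems.append("directory does not exist: %s" % directory)
    elif not os.access(directory, os.W_OK | os.X_OK):
        problems.append("no write+search permission on directory: %s" % directory)
    if os.path.lexists(path):
        st = os.lstat(path)
        if not stat.S_ISSOCK(st.st_mode):
            problems.append("path exists but is not a socket: %s" % path)
        elif not os.access(path, os.W_OK):
            problems.append("no write permission on socket file "
                            "(connect/sendto would fail): %s" % path)
    return problems


def create_private_listener(path, dir_mode=0o700, sock_mode=0o600):
    """Create a listening AF_UNIX stream socket whose directory and file are
    restricted to the owning user, so other local users cannot connect."""
    directory = os.path.dirname(path)
    os.makedirs(directory, mode=dir_mode, exist_ok=True)
    if os.path.lexists(path):
        os.unlink(path)  # stale socket file left behind by a previous run
    # bind() creates the socket file with mode 0777 & ~umask, so set the
    # umask to get exactly sock_mode, then restore the caller's umask.
    old_umask = os.umask(0o777 & ~sock_mode)
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv


def demo():
    """Exercise both helpers on constructed temp paths; returns what was observed."""
    result = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "svc", "ctl.sock")  # constructed path
        srv = create_private_listener(path)
        try:
            result["socket_mode"] = stat.S_IMODE(os.stat(path).st_mode)
            result["problems_for_owner"] = diagnose_unix_socket_path(path)
            # A client running as the owner can still connect.
            cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            cli.connect(path)
            cli.close()
        finally:
            srv.close()

        # A regular file at the path is a common cause of a confusing error.
        regular = os.path.join(tmp, "svc", "not_a_socket")
        with open(regular, "w") as fh:
            fh.write("x")
        result["problems_for_regular_file"] = diagnose_unix_socket_path(regular)

        # bind() in a directory without write permission raises PermissionError
        # (EACCES) for an unprivileged user; root bypasses these DAC checks.
        locked = os.path.join(tmp, "locked")
        os.mkdir(locked, 0o500)
        s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            s.bind(os.path.join(locked, "x.sock"))
            result["bind_in_readonly_dir"] = "ok (running as root?)"
        except PermissionError as exc:
            result["bind_in_readonly_dir"] = "PermissionError errno %d" % exc.errno
        finally:
            s.close()
        os.chmod(locked, 0o700)  # let TemporaryDirectory clean up
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-26s %r" % (key, value))
```

Run it as an unprivileged user to see the PermissionError case; as root the bind in the read-only directory succeeds, which is exactly why a deployment should rely on the directory mode rather than on a particular error being raised.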
You can't bind to port numbers lower than 1024 as an unprivileged user.
So you should either:
Harder, but more secure solution if it's really necessary to accept from 111: