# Run NSO as Non-Privileged User

A common misfeature found on UNIX operating systems is the restriction that only `root` can bind to ports below 1024. Many a dollar has been wasted on workarounds and often the results are security holes.

Both FreeBSD and Solaris have elegant configuration options to turn this feature off. On FreeBSD:

```bash
# sysctl net.inet.ip.portrange.reservedhigh=0
```

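Add the setting to `/etc/sysctl.conf` so that it persists across reboots. Note that it is system-wide: with `reservedhigh` set to 0, any local user can bind to ports below 1024.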

Solaris is configurable in a similar way. Assuming we want to run NSO under a non-root user `ncs`, we can grant that user the specific right to bind to privileged ports below 1024 (and only that) using:

```bash
# /usr/sbin/usermod -K defaultpriv=basic,net_privaddr ncs
```

Then check that the entry is what we want:

```bash
# grep ncs /etc/user_attr
ncs::::type=normal;defaultpriv=basic,net_privaddr
```
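The `grep` above matches any line containing `ncs`, so a stricter check can be scripted. The following is an added example, not part of the original documentation: it parses a `user_attr` entry and confirms the account's default privilege set is exactly `basic,net_privaddr`. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Solaris user_attr entry for the NSO service account.
# Entry layout: user:qualifier:res1:res2:attr, where attr is key=value pairs
# joined by ';'.

# Print the defaultpriv value for user $2 in file $1 (nothing if absent).
defaultpriv_of() {
    awk -F: -v u="$2" '
        /^#/ { next }
        $1 == u {                      # exact user match, not a substring
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++)
                if (kv[i] ~ /^defaultpriv=/) {
                    sub(/^defaultpriv=/, "", kv[i]); print kv[i]; exit
                }
        }' "$1"
}

# Return 0 only if the default set is exactly basic + net_privaddr,
# 1 if it differs, 2 if the user has no defaultpriv entry.
check_nso_privs() {
    privs=$(defaultpriv_of "$1" "$2")
    [ -n "$privs" ] || { echo "$2: no defaultpriv entry"; return 2; }
    sorted=$(printf '%s\n' "$privs" | tr ',' '\n' | sort | tr '\n' ',')
    case "$sorted" in
        basic,net_privaddr,) echo "$2: ok ($privs)"; return 0 ;;
        *net_privaddr*) echo "$2: differs from basic,net_privaddr ($privs)"; return 1 ;;
        *) echo "$2: net_privaddr missing ($privs)"; return 1 ;;
    esac
}

# Constructed sample input (not taken from a real system). The second
# account shows why a substring grep for "ncs" is not a sufficient check.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed user_attr sample
ncsadmin::::type=normal;defaultpriv=all
ncs::::type=normal;defaultpriv=basic,net_privaddr
EOF
check_nso_privs "$sample" ncs
check_nso_privs "$sample" ncsadmin || true
rm -f "$sample"
```

On a real system, point the check at `/etc/user_attr` instead of the sample file.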

Linux doesn't have anything like the above. There are a couple of options on Linux. The best is to use an auxiliary program like `authbind` (`http://packages.debian.org/stable/authbind`) or `privbind` (`http://sourceforge.net/projects/privbind/`).

These programs are run by `root`. To start NCS under `privbind`, for example, we can do:

```bash
# privbind -u ncs /opt/ncs/current/bin/ncs -c /etc/ncs.conf
```

The above command starts NSO as the user `ncs` and lets it bind to ports below 1024.

