faq:nix [2018/02/13 12:39] – Updated the section about ports <1024 on Linux with the question/answer format as in other sections nightfox | faq:nix [2020/11/14 11:19] – Create Linux-recycle FAQ digital man |
---|
* [[#SELinux|What does nothing work with SELinux]]? | * [[#SELinux|What does nothing work with SELinux]]? |
* [[#Disk space|How much disk space is required]]? | * [[#Disk space|How much disk space is required]]? |
* [[#TermType|What does an ''unknown terminal'' error indicate]]? | * [[#Terminal Type|What does an ''unknown terminal'' error indicate]]? |
* [[#ports_below_1024_without_root_on_linux|How can I bind to ports below 1024 without being root on Linux]]? | * [[#tempnam warning|Why do I get a warning about use of ''tempnam'' when compiling]]? |
| * [[#SDL Errors|How do I work around SDL 1.2 run-time errors]]? |
| * [[#Recycle|Why does the recycling of servers/services not work]]? |
| |
===== Flavors ===== | ===== Flavors ===== |
| |
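Review bot: The first entry in this list still reads "What does nothing work with SELinux" on both sides; "Why does nothing work with SELinux" is the intended question, and this revision is already editing the list. The new `#SDL Errors` entry is also capitalised differently from the `SDL errors` heading it points to, so pick one spelling for both.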
**Answer:**\\ | **Answer:**\\ |
A fresh install (as of Feb-2009) requires about 70MBytes. | A fresh install (as of Mar-2020) from source code, requires about 500MBytes of space. |
Much of the space consumed is in the form of intermediate build files which | Much of the space consumed is in the form of intermediate build files which may be removed after the build is complete if space is a concern. |
may be removed after the build is complete if space is a concern. | |
| |
| |
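Review bot: The comma after "from source code" in the new disk-space sentence separates the subject from its verb; write "A fresh install (as of Mar-2020) from source code requires about 500MBytes of space". Since the following sentence says much of that is intermediate build files, it would help to say so in the same sentence as the figure.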
To elaborate, [[util:SBBSecho]] uses ''tempnam'' for a specific purpose, which ''mkstemp'' does not do. Additionally ''mkstemp'' is not available in all the C libraries for all the platforms for which Synchronet is built. The //dangers// of ''tempnam'' do not apply to SBBSecho's use of the function. | To elaborate, [[util:SBBSecho]] uses ''tempnam'' for a specific purpose, which ''mkstemp'' does not do. Additionally ''mkstemp'' is not available in all the C libraries for all the platforms for which Synchronet is built. The //dangers// of ''tempnam'' do not apply to SBBSecho's use of the function. |
| |
===== Ports Below 1024 Without Root On Linux ===== | ===== SDL errors ===== |
**Question:**\\ | **Question:**\\ |
How can I bind to network ports below 1024 as a non-root user on Linux? | How do I work around SDL_main errors (e.g. ''No protocol specified'' followed by a ''segmentation fault'') that prevent Synchronet applications (e.g. [[util:SCFG]], [[util:EchoCFG]], [[monitor:umonitor]], etc.) built with SDL 1.2 from running? |
| <code> |
| $ /sbbs/exec/scfg |
| No protocol specified |
| No protocol specified |
| No protocol specified |
| Segmentation fault (core dumped) |
| </code> |
| |
**Answer:**\\ | **Answer:**\\ |
By default, Linux does not allow non-root processes to bind to ports below 1024. This was done as a security measure, although some argue that the reasons for this are obsolete. It is often a bad practice to run processes as root unless it's really necessary to do so, and perhaps even more so with an Internet-accessible server. Thus, it is often desirable to run servers on standard ports (below 1024) as a non-root user. You can do so with the setcap command. For example:\\ | Double check that you can run X applications (e.g. ''xterm'', ''xeyes'') and if you cannot, you may need to grant X access to other user accounts with a command like: |
setcap cap_net_bind_service=+ep /sbbs/exec/sbbs | xhost +SI:localuser:<username> |
| executed before switching to another user account (e.g. with ''su'' or ''sudo''). |
| |
For more information, see the following:\\ | Work-arounds: |
[[https://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-on-linux|StackOverflow: Is there a way for non-root processes to bind to “privileged” ports on Linux?]]\\ | - Clean re-build all of Synchronet without SDL support (include ''WITHOUT_SDL=1'' on the ''make'' command-lines or in your ''localdefs.mk'' file) |
[[https://www.jumpingbean.co.za/blogs/mark/run-application-port-below-1024-linux|How to bind to ports below 1024 without being root on Linux?]]\\ | - Set the ''SDL_VIDEODRIVER'' environment variable to the value of ''dummy'' (e.g. ''EXPORT SDL_VIDEODRIVER=dummy'') before executing the program |
[[https://www.staldal.nu/tech/2007/10/31/why-can-only-root-listen-to-ports-below-1024|Why can only root listen to ports below 1024?]] | |
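Review bot: `EXPORT SDL_VIDEODRIVER=dummy` in the second work-around will not run in sh or bash, where the builtin is lowercase; change it to `export SDL_VIDEODRIVER=dummy`. The `xhost +SI:localuser:<username>` command sits on a bare line between two sentence fragments and should go in a `<code>` block like the terminal output above it. The per-user `localuser` form is a good choice and is worth a few words so that readers do not shorten it to a broader grant. This revision also drops the `setcap cap_net_bind_service=+ep /sbbs/exec/sbbs` example together with the `#ports_below_1024_without_root_on_linux` anchor; a one-line pointer to [[howto:Linux_non-root]] under the old heading would keep existing links to that anchor useful.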
| ===== Recycle ===== |
| **Question:**\\ |
| Why do my servers/services fail to recycle when I set the node-recycle flag (e.g. saving changes in [[util:SCFG]]) or when touching [[config:semfiles]]? |
| |
| **Question:**\\ |
| What do the following warning-level log messages indicate? |
| Disabling Terminal Server recycle support |
| Disabling FTP Server recycle support |
| Disabling Web Server recycle support |
| Disabling Mail Server recycle support |
| Disabling Services recycle support |
| |
| **Answer:**\\ |
| Recycle support can be disabled manually be setting the ''NO_RECYCLE'' ''Options'' flag in one or more server sections of your ''[[config:sbbs.ini]]'' file. The log warning messages above indicate that the BBS automatically set this option flag because it was: |
| - Configured to bind-to/listen-on TCP ports < 1024 (the so-called "reserved" ports) |
| - **and** the BBS was configured to change the current user-id in the ''[[config:sbbs.ini#UNIX]]'' section of ''[[config:sbbs.ini]]'' |
| - **and** the BBS could not dynamically set the bind capabilities using the Linux "Capabilities" syscall interface. |
| |
| The solution is to remove the ''User'' and ''Group'' settings from the ''[[config:sbbs.ini#UNIX]]'' section of ''[[config:sbbs.ini]]'' and the follow the instructions [[howto:Linux_non-root|here]] for running the BBS on Linux as a non-root user. |
| |
===== See Also ===== | ===== See Also ===== |
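Review bot: The Recycle section has two consecutive `**Question:**` blocks ahead of a single `**Answer:**`, so it is not clear that the answer covers both; merge them into one question or give the log-message question its own short answer. The five "Disabling ... recycle support" lines are log output and belong in a `<code>` block. Two typos in the answer: "manually be setting" should be "manually by setting", and "and the follow the instructions" should be "and then follow the instructions". The three-item list says when the BBS sets `NO_RECYCLE` automatically, but not why those conditions prevent a recycle; one sentence on that would make the advice to remove `User` and `Group` easier to follow.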