Start Synchronet on Linux as a Non-root user

If you're running any kind of recent (last 2yrs+) systemd, just put this line in the [Service] section of your sbbs.service file, if it isn't already:
AmbientCapabilities=CAP_NET_BIND_SERVICE

setcap may be used to allow Synchronet (sbbs) for Linux to run completely as a non-root user by explicitly allowing the binary to bind low ports using the command-line:

$ sudo /sbin/setcap 'cap_net_bind_service=+ep' `realpath /sbbs/exec/sbbs`

This will need to be re-ran any time the binary is rebuilt and can be automated by adding the setcap target to your make command-line executed in src/sbbs3:

$ make RELEASE=1 setcap symlinks

To confirm the bind capabilities were set successfully, run:

$ sudo getcap `realpath /sbbs/exec/sbbs`
/path/to/sbbs = cap_net_bind_service+ep

An alternative may be to use authbind.

Install authbind using your favorite package manager for your Linux Distribution.

Configure it to grant access to the relevant ports, e.g. to allow 80, 21, 23,25, 110, etc 443 from all users and groups:

sudo touch /etc/authbind/byport/80

sudo touch /etc/authbind/byport/443

and so forth for all ports you are using below 1025 ...

sudo chmod 777 /etc/authbind/byport/80

sudo chmod 777 /etc/authbind/byport/443

and so forth for all ports you are using below 1025

Now execute your command via authbind (optionally specifying –deep or other arguments, see the man page):

sudo authbind --deep /sbbs/exec/sbbs -d

• howto index