Synchronet v3.20b-Win32 (install) has been released (Jan-2025).

You can donate to the Synchronet project using PayPal.

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
howto:linux_non-root [2015/09/22 15:52] – created deucehowto:linux_non-root [2023/03/09 10:40] (current) – add link to systemd unit file digital man
Line 1: Line 1:
-====== Linux Non-root ======+====== Start Synchronet on Linux as a Non-root user ======
  
-A simple way that will allow Linux Synchronet to run completely as non-root is to explicitly allow the binary to bind low ports using the setcap command.+===== systemd ===== 
 +If you're running any kind of recent (last 2yrs+) systemd, just put this line in the ''[Service]'' section of your ''[[https://gitlab.synchro.net/main/sbbs/-/blob/master/install/systemd/sbbs.service|sbbs.service]]'' file, if it isn't already:\\ 
 +''**AmbientCapabilities=CAP_NET_BIND_SERVICE**''
  
-<code>sudo /sbin/setcap 'cap_net_bind_service=ep' /sbbs/exec/sbbs</code>+===== setcap ===== 
 +''setcap'' may be used to allow Synchronet (''sbbs'') for Linux to run completely as a **non-root** user by explicitly allowing the binary to bind low ports using the command-line: 
 + 
 +  $ sudo /sbin/setcap 'cap_net_bind_service=+ep' `realpath /sbbs/exec/sbbs
 + 
 +This will need to be re-ran any time the binary is rebuilt and can be automated by adding the ''setcap'' target to your ''make'' command-line executed in ''src/sbbs3'': 
 +  $ make RELEASE=1 setcap symlinks 
 +   
 +To confirm the bind capabilities were set successfully, run: 
 +  $ sudo getcap `realpath /sbbs/exec/sbbs` 
 +  /path/to/sbbs = cap_net_bind_service+ep 
 +===== authbind ===== 
 + 
 +An alternative may be to use authbind.  
 + 
 +Install authbind using your favorite package manager for your Linux Distribution. 
 + 
 +Configure it to grant access to the relevant ports, e.g. to allow 80, 21, 23,25, 110, etc 443 from all users and groups: 
 + 
 +  sudo touch /etc/authbind/byport/80 
 + 
 +  sudo touch /etc/authbind/byport/443 
 + 
 +and so forth for all ports you are using below 1025 ... 
 + 
 +  sudo chmod 777 /etc/authbind/byport/80 
 + 
 +  sudo chmod 777 /etc/authbind/byport/443 
 + 
 +and so forth for all ports you are using below 1025 
 + 
 +Now execute your command via authbind (optionally specifying --deep or other arguments, see the man page): 
 + 
 +  sudo authbind --deep /sbbs/exec/sbbs -d
  
-This must be ran on the binary itself (if /sbbs/exec/sbbs is a symlink, apply it to the target of the link instead).  This will need to be re-ran any time the binary is rebuilt. 
  
-A better alternative may be authbind: 
  
-[TODO] 
  
 ===== See Also ===== ===== See Also =====
   * [[:howto:|howto index]]   * [[:howto:|howto index]]
  
-{{tag>}}+{{tag>linux}}
  

Trace: