This is an old revision of the document!


Table of Contents

Linux Non-root

setcap

setcap may be used to allow Synchronet (sbbs) for Linux to run completely as non-root user by explicitly allowing the binary to bind low ports using the command-line:

sudo /sbin/setcap 'cap_net_bind_service=ep' /sbbs/exec/sbbs

This must be ran on the executable file itself (if /sbbs/exec/sbbs is a symlink, apply it to the target of the link instead). For example:

sudo setcap 'cap_net_bind_service=ep' ~/sbbs/src/sbbs3/gcc.linux.x64.exe.release/sbbs

This will need to be re-ran any time the binary is rebuilt (and remember to properly reference .debug or .release).

This requires that the libcap2-dev package be installed prior to building sbbs (or perform a clean build of sbbs after installing libcap2-dev). See prerequisites for details.

authbind

An alternative may be to use authbind.

Install authbind using your favorite package manager for your Linux Distribution.

Configure it to grant access to the relevant ports, e.g. to allow 80, 21, 23,25, 110, etc 443 from all users and groups:

sudo touch /etc/authbind/byport/80

sudo touch /etc/authbind/byport/443

and so forth for all ports you are using below 1025 ...

sudo chmod 777 /etc/authbind/byport/80

sudo chmod 777 /etc/authbind/byport/443

and so forth for all ports you are using below 1025

Now execute your command via authbind (optionally specifying –deep or other arguments, see the man page):

sudo authbind –deep /sbbs/exec/sbbs -d

See Also

howto/linux_non-root.1546897062.txt · Last modified: 2019/01/07 13:37 by Mortifis
Back to top
CC Attribution 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0