====== Freebsd Non-root ======

Running on FreeBSD, you can use the [[https://www.freebsd.org/cgi/man.cgi?query=mac_portacl|mac_portacl(4)]] framework to allow a specific user ID to bind specific reserved ports.

First, find the uid of the user you are running sbbs as.  Assuming the user name is "sbbs":
<code>id sbbs</code>.

Next, you need to edit [[https://www.freebsd.org/cgi/man.cgi?query=loader.conf|/boot/loader.conf]] and add the line <code>mac_portacl_load="YES"</code>.  Now, you need to add the following lines to [[https://www.freebsd.org/cgi/man.cgi?query=sysctl.conf|/etc/sysctl.conf]].  Replace "1003" with the uid you found above:

<code>
security.mac.portacl.enabled=1
net.inet.ip.portrange.reservedhigh=0
security.mac.portacl.rules=\
uid:1003:tcp:11\
,uid:1003:udp:11\
,uid:1003:tcp:17\
,uid:1003:udp:17\
,uid:1003:tcp:18\
,uid:1003:udp:18\
,uid:1003:tcp:21\
,uid:1003:tcp:22\
,uid:1003:tcp:23\
,uid:1003:tcp:25\
,uid:1003:tcp:70\
,uid:1003:tcp:79\
,uid:1003:udp:79\
,uid:1003:tcp:80\
,uid:1003:tcp:110\
,uid:1003:tcp:143\
,uid:1003:tcp:513\
,uid:1003:tcp:587\
,uid:1003:tcp:843\
,uid:1003:tcp:465\
,uid:1003:tcp:995
</code>

Finally, you will need to apply the changes.  Load the module using <code>kldload mac_portacl</code> then apply the sysctl.conf changes <code>service restart sysctl</code>.

Now you should be able to run SBBS as the specified user and rebind ports.  Make sure you remove the User= line from the UNIX section of the sbbs.ini or you will be unable to recycle the BBS.

===== See Also =====
  * [[:howto:|howto index]]

{{tag>unix freebsd}}