This is an old revision of the document!


Freebsd Non-root

Running on FreeBSD, you can use the mac_portacl(4) framework to allow a specific user ID to bind specific reserved ports.

First, find the uid of the user you are running sbbs as. Assuming the user name is “sbbs”:

id sbbs

.

Next, you need to edit /boot/loader.conf and add the line

mac_portacl_load="YES"

. Now, you need to add the following lines to /etc/sysctl.conf. Replace “1003” with the uid you found above:

security.mac.portacl.enabled=1
net.inet.ip.portrange.reservedhigh=0
security.mac.portacl.rules=\
uid:1003:tcp:11\
,uid:1003:udp:11\
,uid:1003:tcp:17\
,uid:1003:udp:17\
,uid:1003:tcp:18\
,uid:1003:udp:18\
,uid:1003:tcp:21\
,uid:1003:tcp:22\
,uid:1003:tcp:23\
,uid:1003:tcp:25\
,uid:1003:tcp:70\
,uid:1003:tcp:79\
,uid:1003:udp:79\
,uid:1003:tcp:80\
,uid:1003:tcp:110\
,uid:1003:tcp:143\
,uid:1003:tcp:513\
,uid:1003:tcp:587\
,uid:1003:tcp:843

Finally, you will need to apply the changes. Load the module using

kldload mac_portacl

then apply the sysctl.conf changes

service restart sysctl

.

Now you should be able to run SBBS as the specified user and rebind ports. Make sure you remove the User= line from the UNIX section of the sbbs.ini or you will be unable to recycle the BBS.

See Also

howto/freebsd_non-root.1515963831.txt · Last modified: 2018/01/14 13:03 by digital man
Back to top
CC Attribution 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0