Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
howto:linux_non-root [2018/01/14 12:51] – [Linux Non-root] More details and examples. digital manhowto:linux_non-root [2023/03/09 10:40] (current) – add link to systemd unit file digital man
Line 1: Line 1:
-====== Linux Non-root ======+====== Start Synchronet on Linux as a Non-root user ====== 
 + 
 +===== systemd ===== 
 +If you're running any kind of recent (last 2yrs+) systemd, just put this line in the ''[Service]'' section of your ''[[https://gitlab.synchro.net/main/sbbs/-/blob/master/install/systemd/sbbs.service|sbbs.service]]'' file, if it isn't already:\\ 
 +''**AmbientCapabilities=CAP_NET_BIND_SERVICE**''
  
 ===== setcap ===== ===== setcap =====
-''setcap'' may be used to allow Synchronet (''sbbs'') for Linux to run completely as **non-root** user by explicitly allowing the binary to bind low ports using the command-line:+''setcap'' may be used to allow Synchronet (''sbbs'') for Linux to run completely as **non-root** user by explicitly allowing the binary to bind low ports using the command-line:
  
-<code>sudo /sbin/setcap 'cap_net_bind_service=ep' /sbbs/exec/sbbs</code>+  $ sudo /sbin/setcap 'cap_net_bind_service=+ep' `realpath /sbbs/exec/sbbs`
  
-This must be ran on the executable file itself (if ''/sbbs/exec/sbbs'' is a symlink, apply it to the target of the link instead). For example+This will need to be re-ran any time the binary is rebuilt and can be automated by adding the ''setcap'' target to your ''make'' command-line executed in ''src/sbbs3'': 
-  sudo setcap 'cap_net_bind_service=ep' ~/sbbs/src/sbbs3/gcc.linux.exe.release/sbbs+  $ make RELEASE=1 setcap symlinks 
 +   
 +To confirm the bind capabilities were set successfully, run
 +  sudo getcap `realpath /sbbs/exec/sbbs` 
 +  /path/to/sbbs = cap_net_bind_service+ep 
 +===== authbind =====
  
-This will need to be re-ran any time the binary is rebuilt (and remember to properly reference ''.debug'' or ''.release'').+An alternative may be to use authbind
  
-This requires that the [[https://packages.debian.org/stable/libcap2-dev|libcap2-dev]] package be installed prior to building ''sbbs'' (or perform a //clean// build of ''sbbs'' after installing ''libcap2-dev''). See [[install:nix:prerequisites]] for details.+Install authbind using your favorite package manager for your Linux Distribution. 
 + 
 +Configure it to grant access to the relevant ports, e.g. to allow 80, 21, 23,25, 110, etc 443 from all users and groups: 
 + 
 +  sudo touch /etc/authbind/byport/80 
 + 
 +  sudo touch /etc/authbind/byport/443 
 + 
 +and so forth for all ports you are using below 1025 ... 
 + 
 +  sudo chmod 777 /etc/authbind/byport/80 
 + 
 +  sudo chmod 777 /etc/authbind/byport/443 
 + 
 +and so forth for all ports you are using below 1025 
 + 
 +Now execute your command via authbind (optionally specifying --deep or other arguments, see the man page): 
 + 
 +  sudo authbind --deep /sbbs/exec/sbbs -d
  
-===== authbind ===== 
  
-An alternative may be to use authbind. 
  
-A detailed example should be added here. 
  
 ===== See Also ===== ===== See Also =====
   * [[:howto:|howto index]]   * [[:howto:|howto index]]
  
-{{tag>}}+{{tag>linux}}
  
howto/linux_non-root.1515963112.txt · Last modified: 2018/01/14 12:51 by digital man
Back to top
CC Attribution 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0