Differences

This shows you the differences between two versions of the page.

howto:linux_non-root [2018/03/03 23:51]
nelgin [setcap] someone missed the .x64
howto:linux_non-root [2021/01/01 13:46] (current)
digital man [setcap] <Retros> btw.. if you're running any kind of recent (last 2yrs+) systemd, you don't need to mess with any setcap stuff, just put this line in your service file in [services]: AmbientCapabilities=CAP_NET_BIND_SERVICE
Line 1: Line 1:
-====== Linux Non-root ======+====== ​Start Synchronet on Linux as a Non-root ​user ====== 
 + 
 +===== systemd ===== 
 +If you're running any kind of recent (last 2yrs+) systemd, just put this line in the ''​[Service]''​ section of your ''​sbbs.service''​ file:\\ 
 +''​**AmbientCapabilities=CAP_NET_BIND_SERVICE**''​
  
 ===== setcap ===== ===== setcap =====
-''​setcap''​ may be used to allow Synchronet (''​sbbs''​) for Linux to run completely as **non-root** user by explicitly allowing the binary to bind low ports using the command-line:​+''​setcap''​ may be used to allow Synchronet (''​sbbs''​) for Linux to run completely as **non-root** user by explicitly allowing the binary to bind low ports using the command-line:​
  
-<​code>​sudo /​sbin/​setcap '​cap_net_bind_service=ep'​ /​sbbs/​exec/​sbbs</​code>​+  $ sudo /​sbin/​setcap '​cap_net_bind_service=+ep' ​`realpath ​/​sbbs/​exec/​sbbs`
  
-This must be ran on the executable file itself (if ''​/​sbbs/​exec/​sbbs'' ​is a symlink, apply it to the target ​of the link instead). For example+This will need to be re-ran any time the binary is rebuilt and can be automated by adding ​the ''​setcap''​ target ​to your ''​make''​ command-line executed in ''​src/​sbbs3'':​ 
-  sudo setcap '​cap_net_bind_service=ep'​ ~/sbbs/src/sbbs3/gcc.linux.x64.exe.release/sbbs+  $ make RELEASE=1 setcap symlinks 
 +   
 +To confirm ​the bind capabilities were set successfully,​ run
 +  ​sudo getcap `realpath ​/sbbs/exec/sbbs` 
 +  ​/path/to/sbbs = cap_net_bind_service+ep 
 +===== authbind =====
  
-This will need to be re-ran any time the binary is rebuilt (and remember ​to properly reference ''​.debug''​ or ''​.release''​).+An alternative may be to use authbind
  
-This requires that the [[https://packages.debian.org/stable/libcap2-dev|libcap2-dev]] package be installed prior to building ''​sbbs''​ (or perform a //clean// build of ''​sbbs''​ after installing ''​libcap2-dev''​). See [[install:​nix:​prerequisites]] for details.+Install authbind using your favorite package manager for your Linux Distribution. 
 + 
 +Configure it to grant access to the relevant ports, e.g. to allow 80, 21, 23,25, 110, etc 443 from all users and groups: 
 + 
 +  sudo touch /etc/authbind/​byport/​80 
 + 
 +  sudo touch /​etc/​authbind/​byport/​443 
 + 
 +and so forth for all ports you are using below 1025 ... 
 + 
 +  sudo chmod 777 /etc/authbind/​byport/​80 
 + 
 +  sudo chmod 777 /​etc/​authbind/​byport/​443 
 + 
 +and so forth for all ports you are using below 1025 
 + 
 +Now execute your command via authbind (optionally specifying ​--deep or other arguments, see the man page): 
 + 
 +  sudo authbind --deep ​/sbbs/exec/sbbs -d
  
-===== authbind ===== 
  
-An alternative may be to use authbind. 
  
-A detailed example should be added here. 
  
 ===== See Also ===== ===== See Also =====
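
Review bot: In the authbind section, the final command `sudo authbind --deep /sbbs/exec/sbbs -d` starts sbbs through sudo, so the process runs as root and the byport files play no part in granting the bind. On a page about running as a non-root user, authbind should be run as the BBS account instead (drop the sudo, or use `sudo -u` with that account). The `chmod 777` lines also make each byport file world-writable and let every local user bind that port. authbind only tests whether the calling user may execute the file, so a file owned by the BBS account with mode 500 is sufficient. "below 1025" should read "below 1024". Separately, this revision drops the note that libcap2-dev must be installed before building ''sbbs''; if the setcap approach still depends on it, keep that prerequisite in the setcap section.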
