Differences

This shows you the differences between two versions of the page.

howto:linux_non-root [2020/03/23 18:53] – [setcap] Does not require libcap-dev2 digital man
howto:linux_non-root [2023/03/09 10:40] (current) – add link to systemd unit file digital man
Line 1: Line 1:
-====== Linux Non-root ======+====== Start Synchronet on Linux as a Non-root user ====== 
 + 
 +===== systemd ===== 
 +If you're running any kind of recent (last 2yrs+) systemd, just put this line in the ''[Service]'' section of your ''[[https://gitlab.synchro.net/main/sbbs/-/blob/master/install/systemd/sbbs.service|sbbs.service]]'' file, if it isn't already:\\ 
 +''**AmbientCapabilities=CAP_NET_BIND_SERVICE**''
  
 ===== setcap ===== ===== setcap =====
 ''setcap'' may be used to allow Synchronet (''sbbs'') for Linux to run completely as a **non-root** user by explicitly allowing the binary to bind low ports using the command-line: ''setcap'' may be used to allow Synchronet (''sbbs'') for Linux to run completely as a **non-root** user by explicitly allowing the binary to bind low ports using the command-line:
  
-<code>sudo /sbin/setcap 'cap_net_bind_service=+ep' /sbbs/exec/sbbs</code> +  $ sudo /sbin/setcap 'cap_net_bind_service=+ep' `realpath /sbbs/exec/sbbs`
- +
-This must be ran on the executable file itself (if ''/sbbs/exec/sbbs'' is a symlink, apply it to the target of the link instead). For example: +
-  sudo setcap 'cap_net_bind_service=+ep' ~/sbbs/src/sbbs3/gcc.linux.*.exe.*/sbbs+
  
 This will need to be re-ran any time the binary is rebuilt and can be automated by adding the ''setcap'' target to your ''make'' command-line executed in ''src/sbbs3'': This will need to be re-ran any time the binary is rebuilt and can be automated by adding the ''setcap'' target to your ''make'' command-line executed in ''src/sbbs3'':
-  make RELEASE=1 setcap symlinks+  make RELEASE=1 setcap symlinks 
 +   
 +To confirm the bind capabilities were set successfully, run: 
 +  $ sudo getcap `realpath /sbbs/exec/sbbs` 
 +  /path/to/sbbs = cap_net_bind_service+ep
 ===== authbind ===== ===== authbind =====
  
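Review bot: The added systemd paragraph says to "just put" ''AmbientCapabilities=CAP_NET_BIND_SERVICE'' in the ''[Service]'' section, but never says the unit must also run under a non-root account. If the unit has no ''User='' setting, the service still starts as root and the capability line does nothing for this page's goal. Suggest stating that requirement next to the line, and replacing "recent (last 2yrs+)" with a minimum systemd version, since that phrase ages with the page. In the setcap part, the removed sentence about applying the capability to the link target was the only explanation for the new ''realpath'' call. Keep one line of that rationale, and prefer a quoted ''"$(realpath /sbbs/exec/sbbs)"'' over bare backticks.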
Line 19: Line 24:
 Configure it to grant access to the relevant ports, e.g. to allow 80, 21, 23,25, 110, etc 443 from all users and groups: Configure it to grant access to the relevant ports, e.g. to allow 80, 21, 23,25, 110, etc 443 from all users and groups:
  
-sudo touch /etc/authbind/byport/80+  sudo touch /etc/authbind/byport/80
  
-sudo touch /etc/authbind/byport/443+  sudo touch /etc/authbind/byport/443
  
 and so forth for all ports you are using below 1025 ... and so forth for all ports you are using below 1025 ...
  
-sudo chmod 777 /etc/authbind/byport/80+  sudo chmod 777 /etc/authbind/byport/80
  
-sudo chmod 777 /etc/authbind/byport/443+  sudo chmod 777 /etc/authbind/byport/443
  
 and so forth for all ports you are using below 1025 and so forth for all ports you are using below 1025
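Review bot: The ''chmod 777'' lines this hunk re-indents grant more than authbind needs. authbind authorises a bind by checking whether the calling user can execute the ''byport'' file, so world-writable permissions add nothing. Suggest ''chmod 755'' for the stated "all users and groups" case, or ''chown'' the files to the BBS account and use ''chmod 500'' to limit binding to that one user. The unchanged text "below 1025" would also be more accurate as "below 1024", since port 1024 is not a privileged port.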
Line 33: Line 38:
 Now execute your command via authbind (optionally specifying --deep or other arguments, see the man page): Now execute your command via authbind (optionally specifying --deep or other arguments, see the man page):
  
-sudo authbind --deep /sbbs/exec/sbbs -d+  sudo authbind --deep /sbbs/exec/sbbs -d
  
  
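Review bot: The command this hunk re-indents still begins with ''sudo'', so ''authbind'' and ''sbbs'' are both started as root. That defeats the non-root goal in the page title and makes authbind unnecessary. Suggest showing the command run from the BBS user's own shell without ''sudo'', for example ''authbind --deep /sbbs/exec/sbbs -d''.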
howto/linux_non-root.1585014823.txt · Last modified: 2020/03/23 18:53 by digital man