open
https://gitlab.synchro.net/main/sbbs/-/issues/699
I'm going to paste in the text from a message I posted on DoveNet regarding this:
I've been off-and-on fighting with using 'setcap' to allow binding to ñ
low ports as a non-root user, and today found (I think) what might be ñ
causing my difficulties. ñ
ñ
I've been doing my updates with an automated script, and the setcap ø
option on the make line didn't seem to work. So, I was trying to use it ø
in the update script as a command (sudo setcap ...<blah>). That didn't ø
work either, and I think it's because there are weird/complicated things ø
with 'setuid' and 'inherited' permissions type things in a bash script. ø
With both of those issues not working, I just manually did the setcap ø
command after the build was complete, and that works as expected. ø
ø
So today I once again used the command on the make line, thus: ø
ø
cd /sbbs/repo/src/sbbs3; make RELEASE=1 setcap install ø
ø
That *appears* to work, as the relevant make output is this:
ø
Linking gcc.linux.x64.exe.release/umonitor ø
make[1]: Leaving directory '/sbbs/repo/src/sbbs3/umonitor' ø
sudo `whereis -b setcap | cut -d" " -f2` 'cap_net_bind_service=+ep' ø
gcc.linux.x64.exe.release/sbbs ø
install gcc.linux.x64.exe.release/* /sbbs/exec ñ
install gcc.linux.x64.lib.release/* /sbbs/exec ñ
install */gcc.linux.x64.exe.release/* /sbbs/exec ñ
ñ
(side note: it doesn't prompt me for user password because I have my ø
user allowed to run all sudo commands without a password). ø
ø
The problem is that it.... still doesn't work, 'sbbs' fails to bind to a ø
low port number. So I started looking closer. In a Linux terminal ø
window, my files appear in different colors depending on file ø
extensions, when using the 'ls' command. The executable files in ø
/sbbs/exec are green, for example. The 'sbbs' executable is green after running the build. If I manually use setcap to give it binding ø
capabilities, it now shows as black text on a red background, which I'm ø
sure means it is now considered some kind of "special" file. ø
However.... the 'sbbs' executable in ø
/sbbs/repo/src/sbbs3/gcc.linux.x64.exe.release/ is.... RED, even when ø
the 'sbbs' executable in /sbbs/exec is green (not capable). What's ø
happening is that the install commands there above that copy the newly ø
compiled executables to /sbbs/exec remove the special capabilities. ø
ø
This problem isn't noticed by those that use 'symlinks' on their make ñ
line, only when a person uses 'install', because that copies the file ñ
somewhere else, which apparently breaks the capabilites that it's been ñ
given.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net