allow awgtpman to run as unprivileged user

The awgtpman process is run as root only because it wants to bind to a privileged port. This is not necessary as capabilities exist to allow running it as a unprivileged user: * remove an unnecessary check in the awgtpman binary on the superuser status of the user * set CAP_NET_BIND_SERVICE in the systemd service to allow it to bind to privileged port This should allow the service to run as a non-privileged user, which we set here to be advligorts. closes #93

allow awgtpman to run as unprivileged user
16197257 · Jameson Rollins · 0502a4b7 · 16197257 · 16197257
Commit 16197257 authored 4 years ago by Jameson Rollins
--- a/src/gds/awgtpman.c
+++ b/src/gds/awgtpman.c
@@ -175,12 +175,7 @@ CDS_HARDWARE cdsPciModules;
      initReflectiveMemory();
 #endif
      if (run_awg) {
-        if (geteuid() != 0) {
-	  printf ("Must be a superuser to run awgtpman\n");
-	  return 1;
-        } else {
-	  nice(-20);
-        }
+        nice(-20);
      }
 /*
                                if ($::site =~ /^M/) {

--- a/support/systemd/rts-awgtpman@.service
+++ b/support/systemd/rts-awgtpman@.service
@@ -5,5 +5,7 @@ Wants=rts-module@%i.service
 PartOf=rts@%i.target

 [Service]
+User=advligorts
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 ExecStart=/usr/bin/rts_awgtpman_exec %i
 Restart=always