allow awgtpman to run as unprivileged user (!81) · Merge requests · CDS / software / advLigoRTS

Jameson Rollins requested to merge jameson.rollins/advligorts:awgtpman-cap-set into master Apr 22, 2020

The awgtpman process is run as root only because it wants to bind to a privileged port. This is not necessary as capabilities exist to allow running it as a unprivileged user:

remove an unnecessary check in the awgtpman binary on the superuser status of the user
set CAP_NET_BIND_SERVICE in the systemd service to allow it to bind to privileged port

This should allow the service to run as a non-privileged user, which we set here to be advligorts.

closes #93 (closed)

Edited Apr 22, 2020 by Jameson Rollins

allow awgtpman to run as unprivileged user

Merge request reports