Subj : Re: Fresh install error
To : Accession
From : StackFault
Date : Tue Jan 16 2024 08:29 pm
Ac> S> MIS should not be run as root.
Ac>
Ac> Okay. Whatever. While opinions are like assholes, this is another topic
Ac> completely. What I was asking him is if he DID run it as root (even just
Ac> once) it would ruin his permissions if in the future he started running
Ac> it as a regular user, or even using sudo.
Sure, no issues, while I answered to you, it was not directed but just to pass the information.
Ac> S> You should use setcap instead to provide the MIS binary the capability
Ac> S> to bind to privileged port using this command:
Ac>
Ac> S> sudo setcap 'cap_net_bind_service=+ep' /path/to/mis
Ac>
Ac> S> This way, MIS can be started with a regular user and still be able to
Ac> S> bind to a low port, without root privilege.
Ac>
Ac> Thank you, Mr. Linux Guru.
Ac>
Ac> ...and all I was trying to say is even if you use sudo to start MIS, it
Ac> binds to the low ports and passes permissions off to the user that used
Ac> sudo immediately after. It was done on purpose by the developer himself.
Ac> You can take it up with him if you want to argue about what should and
Ac> shouldn't be done. *shrug*
Well, again, not personal.
Ac> To be fair, Synchronet also does this. And it seems so does just about
Ac> anything that uses systemd if you use the USER and GROUP keywords in
Ac> your .service file. So you may as well tell all those people how they
Ac> should do it, too. ;)
