Best way to start unprivileged service
W. Michael Petullo
mike at flyn.org
Tue Jan 2 16:20:51 PST 2024
I am packaging a service which I would like to run as an unprivileged
user. This server does not support opening its ports before dropping
its privileges. I would like the service to listen on a privileged port
(i.e., <1024).
What is the best way to accomplish this on OpenWrt? I have been looking
for an example init.d script.
For special cases, I have used "setcap cap_net_bind_service=+ep $command",
but CONFIG_KERNEL_EXT4_FS_SECURITY is not the default setting for
OpenWrt's kernels.
I looked at procd's jails, but I did not see a way to push a privileged
port into the jail.
Any advice would be appreciated.
--
Mike
:wq
More information about the openwrt-devel
mailing list