Re: Recycle semaphore?
By: Va7aqd to Digital Man on Mon Apr 01 2019 07:49 pm
> Re: Recycle semaphore?
> By: Digital Man to Va7aqd on Mon Apr 01 2019 04:14 pm
>
> > It sounds like you're missing some kernel module associated with
> > capabilities. Sorry, I don't know more than that (I didn't write this
> > portion of the code, Deuce did). I don't seem to have any modules with
> > "cap"
> > in the name installed/running on my Debian systems, yet the capabilites
> > work
> > fine.
>
> OK, I think I have things sorted, but much of what was wrong seems to be
> with
> the suggestions
> in the documentation (and that's no complaint about the docs at all -
> there's tons of great info in the wiki). Specifically, it looks like SBBS
> should be started as
> root as it drops
> privileges and runs as the user defined in ctrl/sbbs.ini appropriately.
That's how I run it.
> However, in the wiki
> docs, and I would point the finger mostly at the systemd page, which gives
> an
> example with
> systemd starting it as a non-root user & group.
Someone contributed that wiki page. You can certainly update it to clarify your
findings.
> When doing an
> strace on sbbs when starting (and complaining about it's inability to
> recycle),
> it looks like
> it's checking other capabilities (though I'm not familiar with granting
> capabilities this way,
> so I'm just guessing on what this means):
The source for this is in src/sbbs3/sbbscon.c
It looks to me like it tries to use the following privs before binding ports:
caps |= (1 << CAP_NET_BIND_SERVICE);
caps |= (1 << CAP_SETUID);
caps |= (1 << CAP_SETGID);
caps |= (1 << CAP_DAC_READ_SEARCH);
caps |= (1 << CAP_SYS_RESOURCE);
And then after binding:
caps |= (1 << CAP_NET_BIND_SERVICE);
caps |= (1 << CAP_SYS_RESOURCE);
> it needs, but it appears that "setcap 'cap_net_bind_service=ep'" isn't
> enough.
It seems to work for people. I don't personally use that method, so I can't
vouch for it.
digital man
Synchronet/BBS Terminology Definition #66:
SyncEdit = A defunct 3rd party full-screen editor written for Synchronet
Norco, CA WX: 62.4°F, 44.0% humidity, 0 mph SW wind, 0.00 inches rain/24hrs
--- SBBSecho 3.07-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
|
Synchronet Multinode BBS Softwar... 
