search

berkus / ostinato

Automatically exported from code.google.com/p/ostinato
GNU General Public License v3.0
0 stars 0 forks source link

Add 'setcap' to FAQ so people don't have to run as root #125

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
I *really* dislike running apps as root unless I must.

Wireshark's documentation suggests using setcap, so that running as root can be 
avoided. I just did that for drone, and so far it seems to work just fine.

the command:
sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/drone

this gives the executable the appropriate network-related capabilities, without 
the security implications of root access, should there be an exploitable buffer 
overflow or similar.

Original issue reported on code.google.com by Mark.Pic...@inin.com on 18 Jul 2014 at 4:06

GoogleCodeExporter commented 9 years ago 
@Mark: Thank you for the suggestion. The FAQ has been updated with this tip.

Original comment by pstav...@gmail.com on 21 Jul 2014 at 2:50