leafac / kill-the-newsletter

Convert email newsletters into Atom feeds
https://kill-the-newsletter.com
MIT License
2.31k stars 113 forks

Hint on how to run as user w/o root with listening ports < 1024 #99

Closed stefan-dus closed 3 weeks ago

stefan-dus commented 3 months ago

As seen in the manual of small-tech/auto-encrypt:

With root rights enter:

sysctl -w net.ipv4.ip_unprivileged_port_start=0

Problem solved. KTN runs without root.

Src: https://codeberg.org/small-tech/auto-encrypt#a-note-on-linux-and-the-security-farce-that-is-privileged-ports

As I searched for days for a way to run it w/o root or docker, please add this to the manual. Many thanks!
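The threshold behind the sysctl setting in the comment above, as an added example that is not from either commenter or the project: ports at or above ip_unprivileged_port_start can be bound by any local user, so the value 0 opens every port on the machine, while the lowest port the service needs is the narrowest value that still works. The port set 25, 80, 443 and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Port list and function names are hypothetical.
SYSCTL_FILE=/proc/sys/net/ipv4/ip_unprivileged_port_start

# Current threshold: ports >= this value need no CAP_NET_BIND_SERVICE.
# Falls back to the kernel default (1024) when the file is not readable.
current_start() {
  if [ -r "$SYSCTL_FILE" ]; then cat "$SYSCTL_FILE"; else echo 1024; fi
}

# needs_privilege PORT START: succeeds when PORT is below the threshold.
needs_privilege() {
  [ "$1" -lt "$2" ]
}

# least_start PORT...: the highest threshold that still leaves every listed
# port unprivileged, i.e. the lowest listed port (capped at the default 1024).
least_start() {
  min=1024
  for p in "$@"; do
    if [ "$p" -lt "$min" ]; then min=$p; fi
  done
  echo "$min"
}

# dropin_line PORT...: the line to place in a file under /etc/sysctl.d/ so the
# setting survives a reboot (sysctl -w alone is lost at the next boot).
dropin_line() {
  echo "net.ipv4.ip_unprivileged_port_start=$(least_start "$@")"
}

# report PORT...: show which ports are privileged right now and the
# narrowest setting that would make all of them bindable without root.
report() {
  start=$(current_start)
  for port in "$@"; do
    if needs_privilege "$port" "$start"; then
      echo "port $port: privileged (threshold $start)"
    else
      echo "port $port: bindable by any local user (threshold $start)"
    fi
  done
  dropin_line "$@"
}

report 25 80 443   # assumed port set for a mail-plus-web service
```

After writing the printed line to a file under /etc/sysctl.d/, `sysctl --system` loads it without a reboot.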

leafac commented 3 weeks ago

Hi @stefan-dus,

Thanks for reaching out.

I designed Kill the Newsletter! to run as root and to be the only application on a machine without containers. That’s how I run the canonical installation at kill-the-newsletter.com.

See details at https://github.com/radically-straightforward/radically-straightforward/blob/aa35caf403bf46df083eaefdb3d96f86cb574941/guides/deployment.md.

As you found out, many variations are possible, from running the application with a user different from root, to using it in a container. While I encourage people to stray from the “happy path”, I can’t provide support.

In your case you ran into the issue of privileged ports, but there are plenty of other considerations, and they change all the time. So I’ll keep things as-is for now.

Thanks again for the suggestion.