This issue is a placeholder for future documentation.
We typically tell linux users to set CAP_NET_BIND_SERVICE on the urbit binary so that it can bind port 80. That works fine until they upgrade, and the result can be very confusing. Propagating the capability forward (a la urbit/vere#455) requires full capabilities, which is basically just running as root by other means.
We intend to add a better warning message on upgrade. There are also options to configure the linux kernel so that unprivileged processes can bind lower ports. See urbit/vere#475 for more info.
This issue is a placeholder for future documentation.
We typically tell linux users to set
CAP_NET_BIND_SERVICE
on the urbit binary so that it can bind port 80. That works fine until they upgrade, and the result can be very confusing. Propagating the capability forward (a la urbit/vere#455) requires full capabilities, which is basically just running as root by other means.We intend to add a better warning message on upgrade. There are also options to configure the linux kernel so that unprivileged processes can bind lower ports. See urbit/vere#475 for more info.