I'd like to run a service as a non-privileged user, but it needs to bind to a system port number (i.e. less than 1024), so I give it setcap 'cap_net_bind_service=+ep' <path for service>, all good. Problem is, on startup, the service reads environment vars and for some reason it can't do that when it has cap_net_bind_service. So, with two copies of the executable (one with cap_net_bind_service, one without), only the one without can read environment vars. It's as though there's a default set of capabilities that allows reading env vars, but the exe loses that capability when I give it cap_net_bind_service. Is that right, or is something else going on? What additional capability might I need to give to the service so that it can read env vars? There's nothing i