From 4321fe93e5376b661f1012367d8c058383017a7f Mon Sep 17 00:00:00 2001 From: Cengiz Can <123910+cengizIO@users.noreply.github.com> Date: Mon, 13 May 2019 15:14:06 +0300 Subject: [PATCH] add optional AmbientCapabilities to systemd unit If a user wants to bind to a privileged port (<1024) our current systemd unit fails to provide enough capabilities to endlessh binary. So, a user can modify `/etc/endlessh/config` to have `Port=22` or similar and then check out the systemd unit to enable the extra attribute. --- util/endlessh.service | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/util/endlessh.service b/util/endlessh.service index 2c04ee7..f6a0419 100644 --- a/util/endlessh.service +++ b/util/endlessh.service @@ -21,6 +21,13 @@ PrivateTmp=true PrivateDevices=true ProtectSystem=full ProtectHome=true + +## If you want Endlessh to bind on ports < 1024 +## 1) run: +## setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh +## 2) uncomment following line +#AmbientCapabilities=CAP_NET_BIND_SERVICE + NoNewPrivileges=true ConfigurationDirectory=endlessh PrivateUsers=true @@ -31,3 +38,4 @@ MemoryDenyWriteExecute=true [Install] WantedBy=multi-user.target +
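Review bot: uncommenting `#AmbientCapabilities=CAP_NET_BIND_SERVICE` will not let endlessh bind port 22 as long as `PrivateUsers=true` stays in the unit two lines below it. With PrivateUsers= the service runs in its own user namespace, and CAP_NET_BIND_SERVICE held inside that namespace does not apply to the host network namespace the listening socket lives in (the unit sets no PrivateNetwork=), so bind() on a port below 1024 still fails with EACCES. Add a step 3 in the same comment block telling the user to also comment out `PrivateUsers=true`, and note what isolation that gives up. Step 1 (`setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh`) is also redundant: AmbientCapabilities= places the capability in the ambient set, which survives execve() without any file capability, and the `NoNewPrivileges=true` that follows makes the kernel ignore file capabilities on exec anyway; all the setcap step does is leave a capability on the binary that any local user who can run it also gets.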
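Review bot: drop the second hunk, which only appends a blank line after `WantedBy=multi-user.target`; it is unrelated to the capability change and leaves the file ending in a stray empty line.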
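Since the whole procedure in the commit message and hunk comes down to editing one unit file, the check a practitioner wants is whether the edited unit is actually consistent: an active AmbientCapabilities= line is only useful when the service is not also confined to a private user namespace. The POSIX shell script below is an added example, not part of the endlessh project or of this patch; the function names `check_bind_caps`, `sample_unit` and `check_variant` are chosen here, and the unit text it inspects is a constructed sample modelled on the hunk, not the project's real unit. It reports `missing` when AmbientCapabilities= is still commented out, `confined` when the line is active but `PrivateUsers=true` remains (the capability then applies only inside the service's own user namespace, not to the host network namespace the socket is bound in), and `ok` when both conditions are met.

```shell
#!/bin/sh
# Added example (not endlessh project code): lint a systemd unit for the
# AmbientCapabilities / PrivateUsers combination discussed in the patch.

# Reads unit text on stdin and prints one of: missing | confined | ok.
# Only uncommented directives count; '#' and ';' start comments in unit files,
# so a line such as "#AmbientCapabilities=..." is treated as absent.
check_bind_caps() {
    text=$(cat)
    ambient=$(printf '%s\n' "$text" \
        | grep -E '^[[:space:]]*AmbientCapabilities=' \
        | grep -c 'CAP_NET_BIND_SERVICE' || true)
    # systemd accepts 1/yes/true/on as boolean true.
    private=$(printf '%s\n' "$text" \
        | grep -Ec '^[[:space:]]*PrivateUsers=(1|yes|true|on)[[:space:]]*$' || true)
    if [ "$ambient" -eq 0 ]; then
        echo missing      # CAP_NET_BIND_SERVICE never granted to the service
    elif [ "$private" -gt 0 ]; then
        echo confined     # granted, but only inside a private user namespace
    else
        echo ok           # granted in the host user namespace; bind(<1024) can work
    fi
}

# Constructed sample unit (assumed layout, based on the patch), written to stdout.
# $1 selects the state of the two directives of interest:
#   shipped      - as the patch ships it: AmbientCapabilities commented out
#   uncommented  - step 2 of the patch's comment applied, PrivateUsers untouched
#   fixed        - AmbientCapabilities active and PrivateUsers commented out
sample_unit() {
    case "$1" in
        shipped)     ambient='#AmbientCapabilities=CAP_NET_BIND_SERVICE'; private='PrivateUsers=true' ;;
        uncommented) ambient='AmbientCapabilities=CAP_NET_BIND_SERVICE';  private='PrivateUsers=true' ;;
        fixed)       ambient='AmbientCapabilities=CAP_NET_BIND_SERVICE';  private='#PrivateUsers=true' ;;
        *) echo "unknown variant: $1" >&2; return 1 ;;
    esac
    cat <<EOF
[Unit]
Description=Endlessh SSH Tarpit (constructed sample)

[Service]
ExecStart=/usr/local/bin/endlessh
PrivateTmp=true
PrivateDevices=true
ProtectSystem=full
ProtectHome=true
$ambient
NoNewPrivileges=true
ConfigurationDirectory=endlessh
$private
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target
EOF
}

# Convenience wrapper: lint one of the constructed variants.
check_variant() {
    sample_unit "$1" | check_bind_caps
}

# Stand-alone run: show the verdict for each variant.
for v in shipped uncommented fixed; do
    printf '%-12s %s\n' "$v" "$(check_variant "$v")"
done
```

Against a real installation the same function can be pointed at the effective unit, including any drop-in overrides, with `systemctl cat endlessh | check_bind_caps`; a `confined` verdict means the AmbientCapabilities= line was uncommented but PrivateUsers=true was left in place, which is exactly the state in which the service still cannot bind port 22.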