extern/endlessh
1
0
Fork 1
mirror of https://github.com/skeeto/endlessh.git synced 2024-11-29 00:13:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

add optional AmbientCapabilities to systemd unit

Browse Source 
If a user wants to bind to a privileged port (<1024) our current systemd unit fails to provide enough capabilities to endlessh binary.

So, a user can modify `/etc/endlessh/config` to have `Port=22` or similar and then check out the systemd unit to enable the extra attribute.
This commit is contained in:
Cengiz Can 2019-05-13 15:14:06 +03:00 committed by GitHub
parent 964a860634
commit 4321fe93e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
util/endlessh.service
View File

@ -21,6 +21,13 @@ PrivateTmp=true
PrivateDevices=true PrivateDevices=true
ProtectSystem=full ProtectSystem=full
ProtectHome=true ProtectHome=true
## If you want Endlessh to bind on ports < 1024
## 1) run:
## setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
## 2) uncomment following line
#AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true NoNewPrivileges=true
ConfigurationDirectory=endlessh ConfigurationDirectory=endlessh
PrivateUsers=true PrivateUsers=true
@ -31,3 +38,4 @@ MemoryDenyWriteExecute=true
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target