refactor(setcap-netbind): update bash to style, update docs
authorAJ ONeal <aj@therootcompany.com>
Sun, 21 Nov 2021 05:32:10 +0000 (05:32 +0000)
committerAJ ONeal <aj@therootcompany.com>
Sun, 21 Nov 2021 05:32:10 +0000 (05:32 +0000)
setcap-netbind/README.md
setcap-netbind/install.sh
setcap-netbind/setcap-netbind.sh

index 47431ab4478d652cdd48eff1a7ed7dc0e177a6e2..6169094300a89be249c48637550305e78b9d0912 100644 (file)
@@ -1,23 +1,64 @@
 ---
 title: setcap-netbind
 ---
 title: setcap-netbind
-homepage: https://github.com/webinstall/webi-installers/setcap-netbind/README.md
+homepage: https://github.com/webinstall/webi-installers/setcap-netbind/
 tagline: |
   setcap-netbind: Give a binary the ability to bind to privileged ports.
 ---
 
 tagline: |
   setcap-netbind: Give a binary the ability to bind to privileged ports.
 ---
 
-setcap-netbind will grant the specified program the ability to listen on
+## Cheat Sheet
+
+> Because no one can ever remember `setcap 'cap_net_bind_service=+ep'`.
+> Everybody has to look it up. Every. Time.
+>
+> Well... not anymore.
+>
+> `setcap-netbind` does that ^^, plus it follows links - which is nice.
+
+Gives a command permission to run on privileged ports (80, 443, etc).
+
+```txt
+Usage:
+    sudo setcap-netbind <COMMAND>
+
+Example:
+    sudo setcap-netbind node
+```
+
+`setcap-netbind` will grant the specified program the ability to listen on
 privileged ports, such as 80 (http) and 443 (https) without root privileges or
 privileged ports, such as 80 (http) and 443 (https) without root privileges or
-sudo. It seeks out the specified binary in your path and reads down symlinks to
-make usage as painless as possible.
+`sudo`. It seeks out the specified binary in your path and reads down symlinks
+to make usage as painless as possible.
 
 
-## Cheat Sheet
+**_Note_**: Capability binding is specific to a particular binary file. You'll
+need to rerun `setcap-netbind <COMMAND>` each time you upgrade or reinstall a
+command.
+
+# How to use plain setcap
+
+These two commands are equivalent:
 
 ```bash
 sudo setcap-netbind node
 ```
 
 
 ```bash
 sudo setcap-netbind node
 ```
 
-This is the same as running the full command:
-
 ```bash
 ```bash
-sudo setcap 'cap_net_bind_service=+ep' $(readlink -f $(which node))
+sudo setcap 'cap_net_bind_service=+ep' "$(readlink -f "$(command -v node)")"
 ```
 ```
+
+The benefit of `setcap-netbind` is simply that it's easier to remember (and will
+auto-complete with tab), and it will follow symbolic links. \
+(`setcap` will not work on symlinks - probably as a security measure)
+
+<!--
+
+# Security
+
+This is intended for use on single-user Desktops, single-user VPS systems,
+ephemeral cloud instances, etc.
+
+(note to self: not sure how to say this because it won't matter to most people
+and could sound scary - yet their alternative solution is probably much worse,
+so... probably best to let them use this and be _more_ secure than scare them
+with the nuance details - if you know, you know... y'know?)
+
+-->
index b30f73b610f8e98dd1e5f78b0e008b548ab8536a..e232fb1550ddfeb5269878c243dca89e08bd3311 100644 (file)
@@ -1,10 +1,18 @@
 #!/bin/bash
 #!/bin/bash
+set -e
+set -u
 
 
-{
-    set -e
-    set -u
+function __install_setcap_netbind() {
+    # remove prior version, if exists
+    rm -f ~/.local/bin/setcap-netbind
 
 
-    rm -f "$HOME/.local/bin/setcap-netbind"
-    webi_download "$WEBI_HOST/packages/setcap-netbind/setcap-netbind.sh" "$HOME/.local/bin/setcap-netbind"
-    chmod a+x "$HOME/.local/bin/setcap-netbind"
+    # download latest version, directly to ~/.local/bin
+    webi_download \
+        "$WEBI_HOST/packages/setcap-netbind/setcap-netbind.sh" \
+        ~/.local/bin/setcap-netbind
+
+    # make executable
+    chmod a+x ~/.local/bin/setcap-netbind
 }
 }
+
+__install_setcap_netbind
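Review bot: `__install_setcap_netbind` deletes the existing copy and then downloads straight onto the final path, so a failed or interrupted transfer leaves either no tool or a partial file where a script intended to run under `sudo` is expected. Downloading to a sibling name and renaming only after success avoids that: `webi_download "$WEBI_HOST/packages/setcap-netbind/setcap-netbind.sh" ~/.local/bin/setcap-netbind.part`, then `chmod a+x ~/.local/bin/setcap-netbind.part && mv ~/.local/bin/setcap-netbind.part ~/.local/bin/setcap-netbind`, which also makes the up-front `rm -f` unnecessary. `webi_download` is defined outside this hunk, so whether it verifies a checksum or signature is not visible here. If it does not, a comment stating that the script is trusted solely on the transport to `$WEBI_HOST` would document the assumption.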
index 08f1fea56df743dca26ac95f542b93ea566f3f2b..97620b5d541c9f3446502b1dc4f297e4cda30a59 100644 (file)
@@ -1,17 +1,26 @@
 #!/bin/bash
 #!/bin/bash
+set -e
+set -u
 
 
-{
-    set -e
-    set -u
+my_bin="${1}"
+# ex: node
+if [ -z "$(command -v "${my_bin}")" ]; then
+    echo "setcap-netbind: '${my_bin}' not found"
+    exit 1
+fi
 
 
-    my_bin="$1"
-    if [ -z "$(which $my_bin)" ]; then
-        echo "'$my_bin' not found"
-        exit 1
-    fi
-    my_sudo=""
-    if [ -n "$(command -v sudo)" ]; then
-        my_sudo=sudo
-    fi
-    $my_sudo setcap 'cap_net_bind_service=+ep' $(readlink -f $(which $my_bin))
-}
+my_sudo=""
+if [ -n "$(command -v sudo)" ]; then
+    my_sudo=sudo
+fi
+
+# get full path
+# ex: ~/.local/opt/node/bin/node
+my_bin="$(command -v "${my_bin}")"
+
+# get canonical full path
+# ex: ~/.local/opt/node-v16.13.0/bin/node
+my_bin="$(readlink -f "${my_bin}")"
+
+# ex: sudo setcap 'cap_net_bind_service=+ep' ~/.local/opt/node-v16.13.0/bin/node"
+"${my_sudo}" setcap 'cap_net_bind_service=+ep' "${my_bin}"
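Review bot: On the last line, `"${my_sudo}" setcap …` quotes a variable that is the empty string whenever `sudo` is not installed, so the shell tries to execute an empty command name and exits with "command not found" instead of calling `setcap` directly. The removed unquoted `$my_sudo` simply disappeared in that case. `${my_sudo:+sudo} setcap 'cap_net_bind_service=+ep' "${my_bin}"` keeps the no-sudo fallback working. Separately, `command -v` prints a bare name for shell builtins and keywords, which `readlink -f` would then resolve against the current directory. A guard after the `command -v` assignment, such as `case "${my_bin}" in */*) ;; *) echo "setcap-netbind: '${my_bin}' is not a file on PATH"; exit 1 ;; esac`, keeps the capability from being applied to an unintended file. Echoing the canonical path before `setcap` would also show the operator exactly which binary receives the capability.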