From 46af5a3ca3b22ed8716b6a97e06cc6fbcba1d9c3 Mon Sep 17 00:00:00 2001
From: Ryan Burnette
Date: Sun, 25 Jul 2021 10:50:55 -0400
Subject: [PATCH] feature: add setcap-netbind
---
setcap-netbind/README.md | 23 +++++++++++++++++++++++
setcap-netbind/install.sh | 10 ++++++++++
setcap-netbind/setcap-netbind.sh | 17 +++++++++++++++++
vps-utils/README.md | 8 ++++----
vps-utils/cap-net-bind.sh | 18 +-----------------
5 files changed, 55 insertions(+), 21 deletions(-)
create mode 100644 setcap-netbind/README.md
create mode 100644 setcap-netbind/install.sh
create mode 100644 setcap-netbind/setcap-netbind.sh
mode change 100644 => 120000 vps-utils/cap-net-bind.sh
diff --git a/setcap-netbind/README.md b/setcap-netbind/README.md
new file mode 100644
index 0000000..47431ab
--- /dev/null
+++ b/setcap-netbind/README.md
@@ -0,0 +1,23 @@
+---
+title: setcap-netbind
+homepage: https://github.com/webinstall/webi-installers/setcap-netbind/README.md
+tagline: |
+ setcap-netbind: Give a binary the ability to bind to privileged ports.
+---
+
+setcap-netbind will grant the specified program the ability to listen on
+privileged ports, such as 80 (http) and 443 (https) without root privileges or
+sudo. It seeks out the specified binary in your path and reads down symlinks to
+make usage as painless as possible.
+
+## Cheat Sheet
+
+```bash
+sudo setcap-netbind node
+```
+
+This is the same as running the full command:
+
+```bash
+sudo setcap 'cap_net_bind_service=+ep' $(readlink -f $(which node))
+```
diff --git a/setcap-netbind/install.sh b/setcap-netbind/install.sh
new file mode 100644
index 0000000..b30f73b
--- /dev/null
+++ b/setcap-netbind/install.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+{
+ set -e
+ set -u
+
+ rm -f "$HOME/.local/bin/setcap-netbind"
+ webi_download "$WEBI_HOST/packages/setcap-netbind/setcap-netbind.sh" "$HOME/.local/bin/setcap-netbind"
+ chmod a+x "$HOME/.local/bin/setcap-netbind"
+}
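Review bot: The script fetched in setcap-netbind/install.sh is made executable with no integrity check visible in this hunk, while the README added by this commit tells users to run it under `sudo`; `webi_download` is defined outside the hunk, so whether it verifies the payload cannot be confirmed from here. Because the target sits in the user-writable `$HOME/.local/bin`, anything able to write there also decides what later runs as root. setcap-netbind.sh already elevates only the `setcap` call through `$my_sudo`, so documenting the invocation as plain `setcap-netbind node` would keep root execution limited to that one command. The `rm -f` ahead of the download also discards the working copy when the fetch fails; downloading to a temporary name and moving it into place with `mv` avoids that.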
diff --git a/setcap-netbind/setcap-netbind.sh b/setcap-netbind/setcap-netbind.sh
new file mode 100644
index 0000000..08f1fea
--- /dev/null
+++ b/setcap-netbind/setcap-netbind.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+{
+ set -e
+ set -u
+
+ my_bin="$1"
+ if [ -z "$(which $my_bin)" ]; then
+ echo "'$my_bin' not found"
+ exit 1
+ fi
+ my_sudo=""
+ if [ -n "$(command -v sudo)" ]; then
+ my_sudo=sudo
+ fi
+ $my_sudo setcap 'cap_net_bind_service=+ep' $(readlink -f $(which $my_bin))
+}
diff --git a/vps-utils/README.md b/vps-utils/README.md
index 5d49555..a81dd2c 100644
--- a/vps-utils/README.md
+++ b/vps-utils/README.md
@@ -8,16 +8,16 @@ tagline: | ## Cheat Sheet > VPS Utils includes shortcut commands for some common tasks, including -> `cap-net-bind`, 'vps-addswap', and 'myip' +> `setcap-netbind`, 'vps-addswap', and 'myip' -**cap-net-bind**: +**setcap-netbind**: -`cap-net-bind` will give the specified program the ability to listen on +`setcap-netbind` will give the specified program the ability to listen on privileged ports, such as 80 (http) and 443 (https) without `root` privileges or `sudo`. ```bash -sudo cap-net-bind node +sudo setcap-netbind node ``` This is the same as running the full command:
diff --git a/vps-utils/cap-net-bind.sh b/vps-utils/cap-net-bind.sh
deleted file mode 100644
index 08f1fea..0000000
--- a/vps-utils/cap-net-bind.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-{
- set -e
- set -u
-
- my_bin="$1"
- if [ -z "$(which $my_bin)" ]; then
- echo "'$my_bin' not found"
- exit 1
- fi
- my_sudo=""
- if [ -n "$(command -v sudo)" ]; then
- my_sudo=sudo
- fi
- $my_sudo setcap 'cap_net_bind_service=+ep' $(readlink -f $(which $my_bin))
-}
diff --git a/vps-utils/cap-net-bind.sh b/vps-utils/cap-net-bind.sh
new file mode 120000
index 0000000..5ea063c
--- /dev/null
+++ b/vps-utils/cap-net-bind.sh
@@ -0,0 +1 @@
+../setcap-netbind/setcap-netbind.sh
\ No newline at end of file
--
2.25.1
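Review bot: In setcap-netbind/setcap-netbind.sh the last line hands an unquoted `$(readlink -f $(which $my_bin))` to a `setcap` that runs as root, so a program name or resolved path containing spaces or glob characters is split and `setcap` may receive arguments other than the intended file. The lookup also runs twice through `which`, the not-found message goes to stdout, and under `set -u` a missing `$1` aborts with an unbound-variable error instead of a usage line. Resolving once into a quoted variable with bash's `type -P` (files on PATH only) and printing the resolved path before granting makes it visible when the target is a shared interpreter such as the README's `node`, where the capability then applies to every script run through that binary. The `my_sudo` detection stays as it is.

```shell
    my_bin="${1:?usage: setcap-netbind <program>}"
    # Resolve once; type -P only reports executables found on PATH.
    my_path="$(type -P -- "$my_bin" || true)"
    if [ -z "$my_path" ]; then
        echo "'$my_bin' not found" >&2
        exit 1
    fi
    my_path="$(readlink -f -- "$my_path")"
    # … unchanged: my_sudo detection …
    # Show the real target so the operator sees which file gains the capability.
    echo "granting cap_net_bind_service to '$my_path'" >&2
    $my_sudo setcap 'cap_net_bind_service=+ep' "$my_path"
```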