Subj : Re: Install on Linux
To   : Todd Yatzook
From : Bradley D. Thornton
Date : Sun Sep 01 2019 07:12 am

  Re: Re: Install on Linux
  By: Todd Yatzook to Bradley D. Thornton on Sat Aug 31 2019 11:07 am

 > On 31 Aug 2019, Bradley D. Thornton said the following...
 >
 >  BD> Should I be creating an account on the system for Mystic to run under or install as root?
 >
 > I read the couple replies after this, and didn't know that Mystic switches to the owner. BUT, on some installs of Linux, running sudo in a bash script
 > or
 > something similar to launch on startup can be a little complicated, with my experience having to pipe the password in plain text. An RPi with Raspbian
 > will happily let you run sudo without a password in a terminal or bash
 > script; Mint won't, for example.

I think perhaps, if you want to use sudo, you could just put them in the sudoers file with visudo and adjust so they can run whatever particular shell commands they need. That could restrict them down.

 >
 > What I do is install with sudo, then chown and chmod the Mystic directory recursively:
 >
 > Then just run:
 >
 > setcap 'cap_net_bind_service=+ep' /mystic/mis
 >
 > to allow non-su to run on ports lower than 1024 for that particular program, MIS.
 >
 > Then you never have to deal with sudo to run Mystic again.

I do that with some things, like Pleroma and recently I wanted Gitea to run on a low port as the git user, because I run SSHD on non-standard ports but wanted Gitea listening with its own SSH server on TCP 22.

For MIS, however, since it drops privs I just set it up to run with systemd on Debian Bullseye.

Thanks for that Todd :) I like seeing all the different ways people like to do things.

.