Reported-by: MK mailing.m1@kkk-web.de Signed-off-by: Sven Eckelmann sven@narfation.org --- README | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)
diff --git a/README b/README index 90a99de..205c156 100644 --- a/README +++ b/README @@ -256,6 +256,32 @@ To get JSON formatted output, use:
See gpsd_json(5) for documentation of the tpv object.
+Running alfred as non-root user +------------------------------- + +Alfred currently requires special capabilities and access rights to work +correctly. The user root is normally the only user having these +capabilities/rights on a standard Linux system. + +Operations requiring special capabilities: + + * bind to device + * creating the unix socket + * accessing the debugfs filesystem + +The first operation can still be executed when the admin grants the special +capability CAP_NET_RAW to anyone executing the alfred binary. The unix socket +can also be moved to a different directly which is accessible by the user by +adding the parameter '-u'. + + $ sudo setcap cap_net_raw+ep alfred + $ ./alfred -u alfred.sock -i eth0 + +The user running alfred must still be in a group which is allowed to access +/sys/kernel/debugfs to correctly choose best neighbors for communication. +It is possible (but not recommended) to disable the neighbor +selection/prioritization using the parameter '-b none'. + License -------
On Saturday 28 February 2015 08:50:42 MK wrote:
Sven Eckelmann wrote:
unix socket +can also be moved to a different directly which is accessible
typo: directly -> directory
Hey,
did you try the patch Sven posted earlier this week? Would be great to add your acked-by or tested-by tag if it resolves your issue. :)
Thanks! Simon
Reported-by: MK mailing.m1@kkk-web.de Signed-off-by: Sven Eckelmann sven@narfation.org --- v2: - fix typo 'directly' -> 'directory'
README | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)
diff --git a/README b/README index 90a99de..2bb4f9b 100644 --- a/README +++ b/README @@ -256,6 +256,32 @@ To get JSON formatted output, use:
See gpsd_json(5) for documentation of the tpv object.
+Running alfred as non-root user +------------------------------- + +Alfred currently requires special capabilities and access rights to work +correctly. The user root is normally the only user having these +capabilities/rights on a standard Linux system. + +Operations requiring special capabilities: + + * bind to device + * creating the unix socket + * accessing the debugfs filesystem + +The first operation can still be executed when the admin grants the special +capability CAP_NET_RAW to anyone executing the alfred binary. The unix socket +can also be moved using the parameter '-u' to a different directory which can +be accessed by the user. + + $ sudo setcap cap_net_raw+ep alfred + $ ./alfred -u alfred.sock -i eth0 + +The user running alfred must still be in a group which is allowed to access +/sys/kernel/debugfs to correctly choose best neighbors for communication. +It is possible (but not recommended) to disable the neighbor +selection/prioritization using the parameter '-b none'. + License -------
On Thursday 05 March 2015 09:12:31 Sven Eckelmann wrote:
Reported-by: MK mailing.m1@kkk-web.de Signed-off-by: Sven Eckelmann sven@narfation.org
v2:
- fix typo 'directly' -> 'directory'
Applied in revision be4d727.
Thanks! Simon
b.a.t.m.a.n@lists.open-mesh.org
-
MK -
Simon Wunderlich -
Sven Eckelmann