Repository : ssh://git@open-mesh.org/alfred
On branch : master
commit be4d7277471cd361c5760bb375163ba1e34d4978 Author: Sven Eckelmann sven@narfation.org Date: Thu Mar 5 09:12:31 2015 +0100
alfred: Add explanation how to run alfred as non-root user
Reported-by: MK mailing.m1@kkk-web.de Signed-off-by: Sven Eckelmann sven@narfation.org Signed-off-by: Simon Wunderlich sw@simonwunderlich.de
be4d7277471cd361c5760bb375163ba1e34d4978 README | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)
diff --git a/README b/README index 90a99de..2bb4f9b 100644 --- a/README +++ b/README @@ -256,6 +256,32 @@ To get JSON formatted output, use:
See gpsd_json(5) for documentation of the tpv object.
+Running alfred as non-root user +------------------------------- + +Alfred currently requires special capabilities and access rights to work +correctly. The user root is normally the only user having these +capabilities/rights on a standard Linux system. + +Operations requiring special capabilities: + + * bind to device + * creating the unix socket + * accessing the debugfs filesystem + +The first operation can still be executed when the admin grants the special +capability CAP_NET_RAW to anyone executing the alfred binary. The unix socket +can also be moved using the parameter '-u' to a different directory which can +be accessed by the user. + + $ sudo setcap cap_net_raw+ep alfred + $ ./alfred -u alfred.sock -i eth0 + +The user running alfred must still be in a group which is allowed to access +/sys/kernel/debugfs to correctly choose best neighbors for communication. +It is possible (but not recommended) to disable the neighbor +selection/prioritization using the parameter '-b none'. + License -------