From 9684a8ae4f2e423b62752efc479852f0f4ee1380 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20K=C3=BCthe?= Date: Mon, 8 Sep 2025 21:11:22 +0000 Subject: [PATCH] Add option to bypass root check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Background: A process, especially a long-running process that has contact with the outside world, should not have to start with privileged access. With the help of the capabilities system, it is possible to assign individual required permissions to the process and thus also dispense with root privileges (example `CapabilityBoundingSet/AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW` in systemd). Signed-off-by: Marek Küthe --- src/main.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/main.c b/src/main.c index 920c479..8a6485d 100644 --- a/src/main.c +++ b/src/main.c @@ -109,6 +109,7 @@ char *progname; static int foreground = 0; static int sighandled = 0; +static int bypass_root_check = 0; #define GOT_SIGINT 0x01 #define GOT_SIGHUP 0x02 @@ -168,6 +169,7 @@ int usage(int rc) " -f FILE Configuration file, default: %s\n" " -h Show this help text\n" " -n Run in foreground, do not detach from controlling terminal\n" + " -r Bypass root check on startup\n" " -v Show program version\n" "\n", progname, configfilename); @@ -234,7 +236,7 @@ main(argc, argv) snprintf(versionstring, sizeof(versionstring), "pim6sd version %s", VERSION); - while ((ch = getopt(argc, argv, "d:f:hnv")) != EOF) { + while ((ch = getopt(argc, argv, "d:f:hnrv")) != EOF) { switch (ch) { case 'd': debug = debug_parse(optarg); @@ -256,6 +258,10 @@ main(argc, argv) case 'v': puts(versionstring); return 0; + + case 'r': + bypass_root_check = 1; + break; default: return usage(1); @@ -265,7 +271,7 @@ main(argc, argv) if (optind < argc) return usage(1); - if (geteuid() != 0) + if (geteuid() != 0 && !bypass_root_check) errx(1, "Need root privileges to start."); log_fp = stderr;