Skip to content

Remove root check at startup#40

Open
marek22k wants to merge 1 commit into
troglobit:masterfrom
marek22k:disable-root-check
Open

Remove root check at startup#40
marek22k wants to merge 1 commit into
troglobit:masterfrom
marek22k:disable-root-check

Conversation

@marek22k

@marek22k marek22k commented Sep 9, 2025

Copy link
Copy Markdown
Contributor

Background: A process, especially a long-running process that has contact with the outside world, should not have to start with privileged access. With the help of the capabilities system, it is possible to assign individual required permissions to the process and thus also dispense with root privileges (example CapabilityBoundingSet/AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW in systemd).

Closes #39, #42

Background: A process, especially a long-running process that has contact with the outside world, should not have to start with privileged access. With the help of the capabilities system, it is possible to assign individual required permissions to the process and thus also dispense with root privileges (example `CapabilityBoundingSet/AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW` in systemd).

Signed-off-by: Marek Küthe <m.k@mk16.de>
@marek22k

Copy link
Copy Markdown
Contributor Author

"It works for me" ... great, thanks for the help. So, I asked because I didn't remember what decision I made in the other projects, and now I've checked myself since you were too lazy to bother, the conclusion is -- all the other projects have the same check. One of the many reasons for this is that all of these multicast routing daemons run on all UNIX systems out there with the MROUTING kernel stack, not just Linux. So I'm going to have to ask you to take that into account when reworking this patch.

As far as I understand the source code, the root check does not request any rights or similar, but simply terminates the program if it is not executed as root. Therefore, any option to execute the program without privileges is removed.
If I run the program on BSD (or another Unix OS) without root privileges, this change means that I no longer receive a error, but instead another error is thrown (for example, on Linux `pim6sd: 19:38:49.173 MLD6 socket: Operation not permitted).

Alternatively, to cover both user-friendliness and my use case, I could keep the root check but only issue a warning (no error that terminates the program). What do you think is better?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant