Run as nonroot user on Linux (with CAP_NET_ADMIN and CAP_NET_RAW added).

- ZT will only drop root privileges if zerotier-one user exists. It is created by Debian postinst script - in other cases the user has to be created by administrator. - Linux >=4.3 with ambient capabilities is required, otherwise ZT will silently - "-U" option now also disables privileges dropping
2025-08-21 05:43:59 -07:00 · 2016-10-16 13:35:29 +02:00 · 2016-10-16 13:35:29 +02:00 · 344a25c133
commit 344a25c133
parent 88e3fe699c
5 changed files with 197 additions and 3 deletions
--- a/make-linux.mk
+++ b/make-linux.mk
@ -111,8 +111,8 @@ endif

 all:	one manpages

-one:	$(OBJS) service/OneService.o one.o osdep/LinuxEthernetTap.o
-	$(CXX) $(CXXFLAGS) $(LDFLAGS) -o zerotier-one $(OBJS) service/OneService.o one.o osdep/LinuxEthernetTap.o $(LDLIBS)
+one:	$(OBJS) service/OneService.o one.o osdep/LinuxEthernetTap.o osdep/LinuxDropPrivileges.o
+	$(CXX) $(CXXFLAGS) $(LDFLAGS) -o zerotier-one $(OBJS) service/OneService.o one.o osdep/LinuxEthernetTap.o osdep/LinuxDropPrivileges.o $(LDLIBS)
 	$(STRIP) zerotier-one
 	ln -sf zerotier-one zerotier-idtool
 	ln -sf zerotier-one zerotier-cli