Re: Re: Install on Linux
  By: Todd Yatzook to Bradley D. Thornton on Sat Aug 31 2019 11:07 am

 > On 31 Aug 2019, Bradley D. Thornton said the following...
 >
 >  BD> Should I be creating an account on the system for Mystic to
run under or install as root?
 >
 > I read the couple replies after this, and didn't know that Mystic
switches to the owner. BUT, on some installs of Linux, running sudo in a
bash script
 > or
 > something similar to launch on startup can be a little complicated,
with my experience having to pipe the password in plain text. An RPi with
Raspbian
 > will happily let you run sudo without a password in a terminal or bash
 > script; Mint won't, for example.

I think perhaps, if you want to use sudo, you could just put them in the
sudoers file with visudo and adjust so they can run whatever particular
shell commands they need. That could restrict them down.

 >
 > What I do is install with sudo, then chown and chmod the Mystic
directory recursively:
 >
 > Then just run:
 >
 > setcap 'cap_net_bind_service=+ep' /mystic/mis
 >
 > to allow non-su to run on ports lower than 1024 for that particular
program, MIS.
 >
 > Then you never have to deal with sudo to run Mystic again.

I do that with some things, like Pleroma and recently I wanted Gitea to run
on a low port as the git user, because I run SSHD on non-standard ports but
wanted Gitea listening with its own SSH server on TCP 22.

For MIS, however, since it drops privs I just set it up to run with systemd
on Debian Bullseye.

Thanks for that Todd :) I like seeing all the different ways people like to
do things.
--- SBBSecho 3.09-Linux