index 474a8dd3eb3322548373ed61ace690801cc3baf4..95ae19b39dc61f71e56a3949370dd46872203334 100644 (file)
--- a/README
+++ b/README
“--without-perl-bindings”.
“--without-perl-bindings”.
+Permissions
+━━━━━━━━━━━━━
+
+ On UNIX, special permissions are required to open raw sockets (raw(7)). If
+ you compile and install the “oping” and “noping” binaries as normal user
+ (which is strongly suggested), you won't be able to use the binaries as a
+ normal user, because you won't have the permission to open raw sockets.
+
+ The “install” target will automatically try fix this, if it is run with UID~0
+ (as user root). When on Linux, the capabilities described below will be
+ added. On other UNIXes the traditional Set-UID method (also described below)
+ is used instead. The build system will not abort if this fails, because there
+ are file systems which do not support either method. Also, the Debian
+ packaging system and possibly other scenarios only act as if they were
+ running as root.
+
+ Linux
+ ━━━━━
+ On Linux, the preferred method is to assign the required “capability” to the
+ binaries. This will allow the binary to open raw sockets, but doesn't give
+ any other permissions such as reading other users' files or shutting down the
+ system. The downside is that this mechanism is comparatively new: Assigning
+ capabilities to files is available since Linux 2.6.24.
+
+ To set the required capabilities, run (as user root):
+
+ # setcap cap_net_raw=ep /opt/oping/bin/oping
+ # setcap cap_net_raw=ep /opt/oping/bin/noping
+
+ Other UNIX
+ ━━━━━━━━━━
+ Capabilities are a nice but Linux-specific solution. To make “oping” and
+ “noping” available to unprivileged users on other UNIX systems, use the
+ traditional set-UID root solution. If your system supports “saved set-UIDs”
+ (basically all systems do), the applications will drop the privileges during
+ initialization and only regain them when actually opening the socket(s).
+
+ To set the set-UID bit, run (as user root):
+
+ # chown root: /opt/oping/bin/{,n}oping
+ # chmod u+s /opt/oping/bin/{,n}oping
+
+
Licensing terms
━━━━━━━━━━━━━━━
Licensing terms
━━━━━━━━━━━━━━━
Author
━━━━━━
Author
━━━━━━
- Florian octo Forster <octo at verplant.org>
+ Florian “octo” Forster <ff at octo.it>