X-Git-Url: https://git.tokkee.org/?p=liboping.git;a=blobdiff_plain;f=README;h=8611d7c65f748db7aa37be32b4126e8811cc8c02;hp=52711b350d84d8730ac4a92f414e8ae92f8bb316;hb=HEAD;hpb=dcf7b2920ddf9c337f1eabb8b7159cc2ec567344

diff --git a/README b/README
index 52711b3..8611d7c 100644
--- a/README
+++ b/README
@@ -1,6 +1,6 @@
  liboping â Library to ping IPv4 and IPv6 hosts in parallel
 ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
-http://verplant.org/liboping/
+http://noping.cc/
 
 About
 âââââ
@@ -35,6 +35,49 @@ Perl bindings
   â--without-perl-bindingsâ.
 
 
+Permissions
+âââââââââââââ
+
+  On UNIX, special permissions are required to open raw sockets (raw(7)). If
+  you compile and install the âopingâ and ânopingâ binaries as normal user
+  (which is strongly suggested), you won't be able to use the binaries as a
+  normal user, because you won't have the permission to open raw sockets.
+
+  The âinstallâ target will automatically try fix this, if it is run with UID~0
+  (as user root).  When on Linux, the capabilities described below will be
+  added. On other UNIXes the traditional Set-UID method (also described below)
+  is used instead. The build system will not abort if this fails, because there
+  are file systems which do not support either method. Also, the Debian
+  packaging system and possibly other scenarios only act as if they were
+  running as root.
+
+  Linux
+  âââââ
+  On Linux, the preferred method is to assign the required âcapabilityâ to the
+  binaries. This will allow the binary to open raw sockets, but doesn't give
+  any other permissions such as reading other users' files or shutting down the
+  system. The downside is that this mechanism is comparatively new: Assigning
+  capabilities to files is available since Linux 2.6.24.
+
+  To set the required capabilities, run (as user root):
+
+    # setcap cap_net_raw=ep /opt/oping/bin/oping
+    # setcap cap_net_raw=ep /opt/oping/bin/noping
+
+  Other UNIX
+  ââââââââââ
+  Capabilities are a nice but Linux-specific solution. To make âopingâ and
+  ânopingâ available to unprivileged users on other UNIX systems, use the
+  traditional set-UID root solution. If your system supports âsaved set-UIDsâ
+  (basically all systems do), the applications will drop the privileges during
+  initialization and only regain them when actually opening the socket(s).
+
+  To set the set-UID bit, run (as user root):
+
+    # chown root: /opt/oping/bin/{,n}oping
+    # chmod u+s   /opt/oping/bin/{,n}oping
+
+
 Licensing terms
 âââââââââââââââ