Update README with instructions for setcap non-root use
On Linux you can run it listening on port 53 without root privs. This is the best option: clients still send on port 53 (no wonky configs) and AdGuard doesn't run as root (!).
This commit is contained in:
parent
fd8860a389
commit
9fdf946fc0
16
README.md
16
README.md
@ -91,7 +91,21 @@ Now open the browser and navigate to http://localhost:3000/ to control your AdGu
|
||||
|
||||
### Running without superuser
|
||||
|
||||
You can run AdGuard Home without superuser privileges, but you need to instruct it to use a different port rather than 53. You can do that by editing `AdGuardHome.yaml` and finding these two lines:
|
||||
You can run AdGuard Home without superuser privileges, but you need to either grant the binary a capability (on Linux) or instruct it to use a different port (all platforms).
|
||||
|
||||
#### Granting the CAP_NET_BIND_SERVICE capability (on Linux)
|
||||
|
||||
To allow AdGuard Home running on Linux to listen on port 53 without superuser privileges, run:
|
||||
|
||||
```bash
|
||||
sudo setcap CAP_NET_BIND_SERVICE=+eip ./AdGuardHome
|
||||
```
|
||||
|
||||
Then run `./AdGuardHome` as a unprivileged user.
|
||||
|
||||
#### Changing the DNS listen port
|
||||
|
||||
To configure AdGuard Home to listen on a port that does not require superuser privileges, edit `AdGuardHome.yaml` and find these two lines:
|
||||
|
||||
```yaml
|
||||
dns:
|
||||
|
Loading…
Reference in New Issue
Block a user