Update README with instructions for setcap non-root use

On Linux you can run it listening on port 53 without root privs.  This is the best option: clients still send on port 53 (no wonky configs) and AdGuard doesn't run as root (!).
This commit is contained in:
Mordy Ovits 2018-12-31 12:08:10 -05:00 committed by hmage
parent fd8860a389
commit 9fdf946fc0

View File

@ -91,7 +91,21 @@ Now open the browser and navigate to http://localhost:3000/ to control your AdGu
### Running without superuser
You can run AdGuard Home without superuser privileges, but you need to instruct it to use a different port rather than 53. You can do that by editing `AdGuardHome.yaml` and finding these two lines:
You can run AdGuard Home without superuser privileges, but you need to either grant the binary a capability (on Linux) or instruct it to use a different port (all platforms).
#### Granting the CAP_NET_BIND_SERVICE capability (on Linux)
To allow AdGuard Home running on Linux to listen on port 53 without superuser privileges, run:
```bash
sudo setcap CAP_NET_BIND_SERVICE=+eip ./AdGuardHome
```
Then run `./AdGuardHome` as a unprivileged user.
#### Changing the DNS listen port
To configure AdGuard Home to listen on a port that does not require superuser privileges, edit `AdGuardHome.yaml` and find these two lines:
```yaml
dns: