Update README with instructions for setcap non-root use
On Linux you can run it listening on port 53 without root privs. This is the best option: clients still send on port 53 (no wonky configs) and AdGuard doesn't run as root (!).
This commit is contained in:
parent
fd8860a389
commit
9fdf946fc0
16
README.md
16
README.md
|
@ -91,7 +91,21 @@ Now open the browser and navigate to http://localhost:3000/ to control your AdGu
|
||||||
|
|
||||||
### Running without superuser
|
### Running without superuser
|
||||||
|
|
||||||
You can run AdGuard Home without superuser privileges, but you need to instruct it to use a different port rather than 53. You can do that by editing `AdGuardHome.yaml` and finding these two lines:
|
You can run AdGuard Home without superuser privileges, but you need to either grant the binary a capability (on Linux) or instruct it to use a different port (all platforms).
|
||||||
|
|
||||||
|
#### Granting the CAP_NET_BIND_SERVICE capability (on Linux)
|
||||||
|
|
||||||
|
To allow AdGuard Home running on Linux to listen on port 53 without superuser privileges, run:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo setcap CAP_NET_BIND_SERVICE=+eip ./AdGuardHome
|
||||||
|
```
|
||||||
|
|
||||||
|
Then run `./AdGuardHome` as a unprivileged user.
|
||||||
|
|
||||||
|
#### Changing the DNS listen port
|
||||||
|
|
||||||
|
To configure AdGuard Home to listen on a port that does not require superuser privileges, edit `AdGuardHome.yaml` and find these two lines:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
dns:
|
dns:
|
||||||
|
|
Loading…
Reference in New Issue