@@ -1,10 +1,15 @@
//go:build darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
// +build darwin dragonfly freebsd linux netbsd openbsd solaris
+// This is an example of binding soft-serve ssh port to a restricted port (<1024) and
+// then droping root privileges to a different user to run the server.
+// Make sure you run this as root.
+
package main
import (
"context"
+ "flag"
"fmt"
"log"
"net"
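Review bot: The new header comment is followed by an added blank line before `package main`, so Go tooling treats it as a detached comment rather than the package documentation, and it misspells "dropping" as `droping`. If it is meant to document the example, keep a blank line after the `// +build` constraint and attach the comment directly to the package clause. Since the comment is the only guidance a reader gets, it would help to state that the target account must be unprivileged, e.g. `// then dropping root privileges to a different, unprivileged user to run the server.`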
@@ -17,31 +22,29 @@ import (
"github.com/charmbracelet/soft-serve/server"
)
-const (
- port = 22
- gid = 1000
- uid = 1000
-)
-
var (
- addr = fmt.Sprintf(":%d", port)
+ port = flag.Int("port", 22, "port to listen on")
+ gid = flag.Int("gid", 1000, "group id to run as")
+ uid = flag.Int("uid", 1000, "user id to run as")
)
func main() {
+ flag.Parse()
+ addr := fmt.Sprintf(":%d", *port)
// To listen on port 22 we need root privileges
ls, err := net.Listen("tcp", addr)
if err != nil {
log.Fatalf("Can't listen: %s", err)
}
// We don't need root privileges any more
- if err := syscall.Setgid(gid); err != nil {
+ if err := syscall.Setgid(*gid); err != nil {
log.Fatalf("Setgid error: %s", err)
}
- if err := syscall.Setuid(uid); err != nil {
+ if err := syscall.Setuid(*uid); err != nil {
log.Fatalf("Setuid error: %s", err)
}
cfg := config.DefaultConfig()
- cfg.Port = port
+ cfg.Port = *port
s := server.NewServer(cfg)
done := make(chan os.Signal, 1)
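Review bot: The privilege drop after `net.Listen` never clears supplementary groups: `syscall.Setgid(*gid)` and `syscall.Setuid(*uid)` are called without a preceding `syscall.Setgroups`, so the server keeps whatever groups the root launcher had (typically including group 0). Now that the ids come from flags rather than constants, `-uid 0` or `-gid 0` also turns the drop into a silent no-op, so non-positive values should be rejected before the listener is handed to the server. The group list has to be reset while the process is still root, i.e. before `Setuid`. The body of `main` continues past the end of this hunk, so the fence shows only the lines I would add around the existing calls.

```go
	// We don't need root privileges any more
	if *uid <= 0 || *gid <= 0 {
		log.Fatalf("refusing to run as uid %d / gid %d", *uid, *gid)
	}
	// Clear root's supplementary groups; must happen before Setuid.
	if err := syscall.Setgroups([]int{*gid}); err != nil {
		log.Fatalf("Setgroups error: %s", err)
	}
	// … unchanged: Setgid(*gid) and Setuid(*uid) calls …
```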