From 826151b5c0ed0fed255673e0645fb5140f3f6cb6 Mon Sep 17 00:00:00 2001 From: Ainar Garipov Date: Thu, 29 Oct 2020 17:37:07 +0300 Subject: [PATCH] add information about linux capabilities --- Getting-Started.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/Getting-Started.md b/Getting-Started.md index 5ad0b0b..5b72d90 100644 --- a/Getting-Started.md +++ b/Getting-Started.md @@ -153,18 +153,20 @@ This setup will automatically cover all the devices connected to your home route 5. Choose ’Use the following DNS server addresses’ and enter your AdGuard Home address there. -## Running without superuser (linux only) +## Running without superuser (Linux only) You can run AdGuard Home without superuser privileges, but you need to either grant the binary a capability (on Linux) or instruct it to use a different port (all platforms). -#### Granting the CAP_NET_BIND_SERVICE capability (on Linux) +#### Granting the necessary capabilities -Note: using this method requires the `setcap` utility. You may need to install it using your Linux distribution's package manager. +Using this method requires the `setcap` utility. You may need to install it +using your Linux distribution's package manager. -To allow AdGuard Home running on Linux to listen on port 53 without superuser privileges, run: +To allow AdGuard Home running on Linux to listen on port 53 without superuser +privileges, as well as bind to a particular interface run: ```bash -sudo setcap CAP_NET_BIND_SERVICE=+eip ./AdGuardHome +sudo setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' ./AdGuardHome ``` Then run `./AdGuardHome` as a unprivileged user.