Support setcap in dev mode (XCADDY_SETCAP)

When I first wrote xcaddy I was on macOS which does not require permission to bind to low ports. Now I'm on Linux. The XCADDY_SETCAP env var will cause xcaddy to run setcap on the generated temporary binary before executing it so that it can bind to low ports. This requires sudo.
caddyserver · Jan 20, 2021 · dabafee · dabafee
1 parent 623c361
commit dabafee
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -125,7 +125,7 @@ Because the subcommands and flags are constrained to benefit rapid plugin protot
 - `CADDY_VERSION` sets the version of Caddy to build.
 - `XCADDY_RACE_DETECTOR=1` enables the Go race detector in the build.
 - `XCADDY_SKIP_CLEANUP=1` causes xcaddy to leave build artifacts on disk after exiting.
-
+- `XCADDY_SETCAP=1` will run `sudo setcap cap_net_bind_service=+ep` on the temporary binary before running it when in dev mode.
 
 ---
 

diff --git a/cmd/xcaddy/main.go b/cmd/xcaddy/main.go
@@ -223,6 +223,16 @@ func runDev(ctx context.Context, args []string) error {
  return err
  }
 
+ if os.Getenv("XCADDY_SETCAP") == "1" {
+ cmd = exec.Command("sudo", "setcap", "cap_net_bind_service=+ep", binOutput)
+ cmd.Stdout = os.Stdout
+ cmd.Stderr = os.Stderr
+ log.Printf("[INFO] Setting capabilities (requires admin privileges): %v", cmd.Args)
+ if err = cmd.Run(); err != nil {
+ return err
+ }
+ }
+
  log.Printf("[INFO] Running %v\n\n", append([]string{binOutput}, args...))
 
  cmd = exec.Command(binOutput, args...)