Anyone had any luck getting caddy to run under a non-root user account on OSX?
Unfortunately OSX doesn’t have
setcap available and the nearest thing I’ve found which looks like it should do the job is OSX-authbind. Unfortunately I’ve not had much luck getting it working.
Ive added the following files to
/etc/authbind/byport/, chowned them to my user and chmod 755’ed them:
$ ls -al /etc/authbind/byport -rwxr-xr-x 1 myusername staff 0 27 Sep 12:30 443 -rwxr-xr-x 1 myusername staff 0 27 Sep 12:30 80
From my understanding of authbind’s pretty sparse documentation, that should do the trick by allowing processes started by me [ie. the Caddy process] to access ports 80 and 443. However, when I issue the command
authbind caddy I get the following error:
fatal error: runtime: bsdthread_register error (unset DYLD_INSERT_LIBRARIES) runtime stack: runtime.throw(0x64264c, 0x3f) /usr/local/go/src/runtime/panic.go:566 +0x95 fp=0x7fff5fbff9e0 sp=0x7fff5fbff9c0 runtime.goenvs() /usr/local/go/src/runtime/os_darwin.go:86 +0x85 fp=0x7fff5fbffa10 sp=0x7fff5fbff9e0 runtime.schedinit() /usr/local/go/src/runtime/proc.go:450 +0x9c fp=0x7fff5fbffa50 sp=0x7fff5fbffa10 runtime.rt0_go(0x7fff5fbffa88, 0x1, 0x7fff5fbffa88, 0x0, 0x0, 0x1, 0x7fff5fbffbb0, 0x0, 0x7fff5fbffbb6, 0x7fff5fbffbc5, ...) /usr/local/go/src/runtime/asm_amd64.s:145 +0x14f fp=0x7fff5fbffa58 sp=0x7fff5fbffa50
I’ve no idea where to even start dissecting that one. Can anyone give me a clue?