README.md: add instructions to run under unprivileged user

This commit is contained in:
Martin Weinelt 2015-04-12 19:13:22 +02:00
parent 7322a14274
commit 6f97932ea2

View file

@ -8,9 +8,6 @@ ffmap-backend gathers information on the batman network by invoking :
* alfred-json and * alfred-json and
* batadv-vis * batadv-vis
In order to use alfred-json and batadv-vis make sure the user running this
backend is allowed to access alfred's socket.
The output will be written to a directory (`-d output`). The output will be written to a directory (`-d output`).
Run `backend.py --help` for a quick overview of all available options. Run `backend.py --help` for a quick overview of all available options.
@ -21,6 +18,32 @@ For the script's regular execution add the following to the crontab:
* * * * * backend.py -d /path/to/output -a /path/to/aliases.json --vpn ae:7f:58:7d:6c:2a d2:d0:93:63:f7:da * * * * * backend.py -d /path/to/output -a /path/to/aliases.json --vpn ae:7f:58:7d:6c:2a d2:d0:93:63:f7:da
</pre> </pre>
# Running as unprivileged user
Some information collected by ffmap-backend requires access to specific system resources.
Make sure the user you are running this under is part of the group that owns the alfred socket, so
alfred-json can access the alfred daemon.
# ls -al /var/run/alfred.sock
srw-rw---- 1 root alfred 0 Mar 19 22:00 /var/run/alfred.sock=
# adduser map alfred
Adding user `map' to group `alfred' ...
Adding user map to group alfred
Done.
$ groups
map alfred
Running batctl requires passwordless sudo access, because it needs to access the debugfs to retrive
the gateway list.
# echo 'map ALL = NOPASSWD: /usr/sbin/batctl' | tee /etc/sudoers.d/map
map ALL = NOPASSWD: /usr/sbin/batctl
# chmod 0440 /etc/sudoers.d/map
That should be everything. The script automatically detects if it is run in unprivileged mode and
will prefix `sudo` where necessary.
# Data format # Data format
## nodes.json ## nodes.json