1. Forum
  2. fsxNet
  3. FSX GEN

  • Mystic on Raspberry Pi/linux

    From Eku@21:1/999 to All on Thu Jun 2 11:44:19 2022

    Hello,

    Which is the right way to run Mystic BBS on Raspberry Pi?
    Do I have to run it from a local user "./mis server" or "sudo ./mis server"?

    Asking because when running from sudo, server is accepting connections. Otherwis
    e, getting error messages.

    sudo ./mis server

    TELNET Listening on IPV4 port 667 using interface "0.0.0.0"
    TELNET Listening on IPV6 port 667 using interface "::"
    BINKP Listening on IPV4 port 24554 using interface "0.0.0.0"
    BINKP Listening on IPV6 port 24554 using interface "::"

    netstat
    tcp 0 0 0.0.0.0:binkp 0.0.0.0:* LISTEN

    tcp 0 0 0.0.0.0:667 0.0.0.0:* LISTEN

    ./mis server

    TELNET Unable to open IPV4 port: Error -1 (13)
    TELNET Unable to open IPV6 port: Error -1 (13)
    BINKP Listening on IPV4 port 24554 using interface "0.0.0.0"
    BINKP Listening on IPV6 port 24554 using interface "::"

    netstat

    tcp 0 0 0.0.0.0:binkp 0.0.0.0:* LISTEN and no telnet (port:667)

    Regards,
    Eku



    Eku
    Tallinn/EST

    --- Mystic BBS v1.12 A47 2021/12/24 (Raspberry Pi/32)
    * Origin: Red Frog BBS (21:1/999)
  • From Zero Reader@21:4/177 to Eku on Thu Jun 2 08:48:08 2022
    On 02 Jun 2022, Eku said the following...

    Which is the right way to run Mystic BBS on Raspberry Pi?
    Do I have to run it from a local user "./mis server" or "sudo ./mis server"?

    You can run it either way. On Linux, you can't easily bind to certain ports unless you run them as sudo. That's why when you start with sudo ./mis all your lower numbered ports are working OK, because the superuser can handle them.

    I personally run it as a regular user, and just configure it to use higher ports, for example, instead of port 23, I use 2323. My router is configured to send port 23 to the BBS on port 2323.

    According to the Mystic docs, it's fine to start MIS with sudo as you're doing!

    Hope this makes sense.

    -ZR

    ... A Meteor is an example of a rock star.

    --- Mystic BBS v1.12 A48 2022/04/26 (Linux/64)
    * Origin: alcoholidaybbs.com / Est. 1995 / Columbia, SC (21:4/177)
  • From Galahad@21:3/168 to Zero Reader on Thu Jun 2 10:10:14 2022
    Which is the right way to run Mystic BBS on Raspberry Pi?
    Do I have to run it from a local user "./mis server" or "sudo ./mis
    You can run it either way. On Linux, you can't easily bind to certain ports unless you run them as sudo. That's why when you start with sudo
    I personally run it as a regular user, and just configure it to use
    higher ports, for example, instead of port 23, I use 2323. My router is configured to send port 23 to the BBS on port 2323.

    Another good option is to use setcap / CAP_NET_BIND_SERVICE to grant a binary permission to bind to low ports. Note that this has to be run on the binary file itself, not symlinks.

    sudo setcap CAP_NET_BIND_SERVICE=+eip /path/to/mis

    After you run that command then MIS should be able to bind to those low ports without sudo. This or Zero Reader's suggestion of using higher ports are probably the best route security wise. Although unlikely, if MIS were to be compromised and it was sudo'd, then the attacker would have admin/write access to the rest of the system.

    You could harden it even further by running MIS in a chroot jail.

    -=-
    Rob

    ... DOS=HIGH? I knew it was on something...

    --- Mystic BBS v1.12 A47 2021/12/25 (Windows/32)
    * Origin: ReTR0aKTiV.com (21:3/168)