+- Kodi Community Forum (https://forum.kodi.tv)
+-- Forum: Development (https://forum.kodi.tv/forumdisplay.php?fid=32)
+--- Forum: Kodi Application (https://forum.kodi.tv/forumdisplay.php?fid=93)
+--- Thread: Kodi Webserver on Port 80. Underlying weirdness that I don't understand. (/showthread.php?tid=354529)
Kodi Webserver on Port 80. Underlying weirdness that I don't understand. - ThumbOne - 2020-05-18
OK, the goal is simple. I run Kodi on a dedicated HTPC. Nothing is on port 80 and I want to make it easy for family to use the web interface. Trivial rally. So Wanted to put Kodi's webservice on port 80.
It's running on a Linux box (mint 19.3) and this will of OS dependent but fairly Linux generic. Essentially low numbered ports are reserved for use by root only and I can run Kodi on port 80 as root without drama. All good. But that is no solution, an app as comolex as Kodi should under no circumstances be running as root.
So now comes the oddness. There are ways and means to do this on Linux.
Method 1: authbind
Easy enough I installed authbind, I configured it. I even tested with
Code:
nc -l 80Code:
nc: Permission deniedCode:
authbind --deepMethod 2: setcap
In modern Linux you can grant binaries specific capabilities and a fairly standard solutuion for permitting the binding to port 80 (or all low numbered ports really) looks like:
Code:
sudo setcap cap_net_bind_service+ep /usr/bin/kodiMethod 3: rerouting
OK this works:
Code:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080What blows my mind is that authbind and setcap fail.
Has anyone got a clue why that might be?
RE: Kodi Webserver on Port 80. Underlying weirdness that I don't understand. - wsnipex - 2020-05-18
setcap should work, but you have to set it on the real binary, which changes depending on platform, e.g. /usr/lib/x86_64-linux-gnu/kodi/kodi-x11
/usr/bin/kodi is just a wrapper script
RE: Kodi Webserver on Port 80. Underlying weirdness that I don't understand. - ThumbOne - 2020-05-18
(2020-05-18, 12:20)wsnipex Wrote: setcap should work, but you have to set it on the real binary, which changes depending on platform, e.g. /usr/lib/x86_64-linux-gnu/kodi/kodi-x11
/usr/bin/kodi is just a wrapper script
Doh! I must be half asleep to have missed that. authbind too has issues with shell scripts. Will drill into that.
RE: Kodi Webserver on Port 80. Underlying weirdness that I don't understand. - ThumbOne - 2020-05-19
Bad news. Didn't work.
Checked in the process tree to confirm the binary (as that shell script is a tad tedious to read) and yes it was indeed as you described so:
Code:
sudo setcap cap_net_bind_service+ep /usr/lib/x86_64-linux-gnu/kodi/kodi-x11Code:
$ getcap /usr/lib/x86_64-linux-gnu/kodi/kodi-x11
getcap /usr/lib/x86_64-linux-gnu/kodi/kodi-x11 = cap_net_bind_service+ep
RE: Kodi Webserver on Port 80. Underlying weirdness that I don't understand. - wsnipex - 2020-05-19
how do you start kodi? If you use a systemd service you need to set capabilities in the service file
RE: Kodi Webserver on Port 80. Underlying weirdness that I don't understand. - ThumbOne - 2020-05-19
(2020-05-19, 08:19)wsnipex Wrote: how do you start kodi? If you use a systemd service you need to set capabilities in the service file
By running /usr/bin/kodi.
When testing from a terminal window. In day to day use from a desktop shortcut that runs that usually. Which is just a drag drop form a Cinnamon menu item. Which in practice is a file called Kodi.desktop that contains:
Code:
[Desktop Entry]
Version=1.0
Name=Kodi
GenericName=Media Center
Comment=Manage and view your media
Exec=kodi
Icon=kodi
Terminal=false
Type=Application
Categories=AudioVideo;Video;Player;TV;
Actions=Fullscreen;Standalone;
[Desktop Action Fullscreen]
Name=Open in fullscreen
Exec=kodi -fs
[Desktop Action Standalone]
Name=Open in standalone mode
Exec=kodi --standaloneCode:
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/gamesCode:
$ which kodi
/usr/bin/kodi