The current Meshtastic Native Daemon systemd script runs as the root user, which is generally considered a security risk. Additionally, it lacks automatic service restarts in case of failure and doesn't limit resource consumption effectively.
Proposed Changes
Change the service user and group to a dedicated "meshtastic" user.
Add the “meshtastic” user to the 995(spi), 994(i2c), and 993(gpio) groups on Raspberry Pi OS.
Add automatic service restarts on failure.
Set resource limits (such as CPU weight) to prevent excessive resource usage.
Add AmbientCapabilities=CAP_NET_BIND_SERVICE to the systemd script.
This discussion was converted from issue #3747 on October 07, 2024 12:44.
Platform
NRF52, ESP32
Example Modified systemd Script
Please review and provide feedback!
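The proposed changes above, turned into a check that can be run over a unit file; this is an added example, not part of the original discussion or the Meshtastic project's own unit. Both unit texts are constructed, `/path/to/meshtasticd` is a placeholder path, and `CPUWeight=50` and `SupplementaryGroups=` (an alternative to adding the account to the groups with `usermod`) are assumptions.

```python
import configparser

# Constructed "before" unit: no User=, so systemd runs it as root.
ROOT_UNIT = """\
[Service]
ExecStart=/path/to/meshtasticd
"""

# Constructed "after" unit. ExecStart is a placeholder path; CPUWeight=50 and
# SupplementaryGroups= (instead of usermod -aG) are assumptions.
HARDENED_UNIT = """\
[Service]
User=meshtastic
Group=meshtastic
SupplementaryGroups=spi i2c gpio
AmbientCapabilities=CAP_NET_BIND_SERVICE
Restart=on-failure
CPUWeight=50
ExecStart=/path/to/meshtasticd
"""


def audit_unit(text):
    """Return hardening findings for the [Service] section of a unit file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep directive names as written (default lowercases)
    cp.read_string(text)
    svc = cp["Service"] if cp.has_section("Service") else {}
    findings = []
    if svc.get("User", "root") in ("root", "0"):
        findings.append("runs as root: set User=/Group= to a dedicated account")
    elif "CAP_NET_BIND_SERVICE" not in svc.get("AmbientCapabilities", ""):
        findings.append("non-root without CAP_NET_BIND_SERVICE: cannot bind ports below 1024")
    if svc.get("Restart", "no") == "no":
        findings.append("no automatic restart: set Restart=on-failure")
    if "CPUWeight" not in svc:
        findings.append("no CPU weight: set CPUWeight=")
    return findings


if __name__ == "__main__":
    for name, unit in (("root unit", ROOT_UNIT), ("hardened unit", HARDENED_UNIT)):
        print(name, "->", audit_unit(unit) or "no findings")
```
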