I have been attempting to get Serviio (java based DLNA server) running on SME8. Serviio mostly works, but I am having issues with permissions/rights for the service account. This is not a HowTo yet, as I need to solve this permissions problem.
Serviio uses multicast to advertise, so requires root or some form of CAP_NET_* rights.
For security, however, I want to use a non-root account.
So, I create an ibay serviio - this creates a user/group serviio and somewhere for the Serviio php web-console.
I install OpenJDK java (yum install java-1.7.0-icedtea ffmeg --enablerepo=rpmforge)
unzip the serviio files into /opt/serviio
chown -R serviio:serviio /opt/serviio
I create a /var/service/serviio directory
touch /var/service/serviio/down
make file run containing
#!/bin/sh
cd /opt/serviio
exec 2>&1
exec setuidgid serviio /opt/serviio/bin/serviio.sh
Then I build the rest of the service settings. I also had to set access rights for serviio into the media library directorys (by chmod/setfacl for shared-folders).
serviio.sh just sets the java environment and classpath, and then executes java in the foreground.
This works as it stands, but the log shows errors when trying to do a multicast service advertisement, due to restrictions on multicast operations to non-root users. This stops some media devices from finding the DLNA server.
I can't figure out how to start serviio with enough rights to do multicast but without running as root (which I don't want to do). I suspect that I need to use some sort of setuid, but can't work it out.
Any thoughts?
Si