Running tmate-slave as non-root user #40

Open
siddharth99 opened this issue Jul 11, 2018 · 2 comments
@siddharth99

I wanted to confirm what steps need to be taken to run the tmate server without root privileges. I am able to compile the file and run it using a random large port, but when I try to access this tmate server by creating a tmate session I get: fatal: Need root priviledges

As far as I understand I should be able to run without root as long as I'm not interested in using port 22.

@jwhett

jwhett commented Dec 3, 2018

I yield to the maintainers and their recommendations, but here's a stab at some things to look into...

Source modification

Changing the port and removing root

You might be interested in the following lines of tmate.h:

#ifdef DEVENV
#define TMATE_SSH_DEFAULT_PORT 2200
#else
#define TMATE_SSH_DEFAULT_PORT 22      // <--- This
#endif

Removing root requirement

You would also need to comment this out in tmate-slave.c in jail():

        if (getuid() != 0)
                tmate_fatal("Need root priviledges");

Notes:

  • Perhaps make a block in your ~/.ssh/config to make connecting to a non-standard port for that host easier.

No source modification

Config

Change the port in ${TMATE_DIR}/.tmate.conf:

set -g tmate-server-port 2222

Kernel Capabilities

If you must run something below 1024 without root, you might want to have a look at kernel capabilities. Specifically cap_net_bind_service.

Notes:

  • you'll need root to set the capabilities
  • any modifications to the tmate-slave executable will erase any capabilities you've set.
  • you may need more than just that capability to run the service entirely without root, but it's a place to start 😉

Good luck!

@whereswaldon

In addition to what @jwhett said above, you need these capabilities on the binary:

$ getcap tmate-slave
tmate-slave = cap_setgid,cap_setuid,cap_net_bind_service,cap_sys_chroot,cap_sys_admin+ep
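
One way to check that the binary still carries exactly the capability set quoted above, for instance after a rebuild has cleared it (an added example, not code from the thread's participants or the tmate project). The function names and the second and third sample lines are constructed, and file paths without spaces are assumed.

```shell
#!/bin/sh
# Capability set quoted in the thread for tmate-slave.
EXPECTED="cap_setgid,cap_setuid,cap_net_bind_service,cap_sys_chroot,cap_sys_admin"

# Sample getcap output lines. The first is from the thread; the others are constructed.
SAMPLE_THREAD='tmate-slave = cap_setgid,cap_setuid,cap_net_bind_service,cap_sys_chroot,cap_sys_admin+ep'
SAMPLE_REBUILT=''  # getcap prints nothing for a file with no capabilities
SAMPLE_DRIFT='tmate-slave cap_net_bind_service,cap_dac_override=ep'

# caps_from_getcap LINE: print one capability per line, sorted.
# Handles "file = caps+ep" and the "file caps=ep" style some libcap versions print.
caps_from_getcap() {
    printf '%s\n' "$1" |
        sed -e 's/^[^ ]* *=* *//' -e 's/[+=][eip]*$//' |
        tr ',' '\n' | sed '/^$/d' | sort -u
}

# audit_caps LINE: report missing/extra capabilities; return 0 only on an exact match.
audit_caps() {
    have=$(caps_from_getcap "$1")
    want=$(printf '%s\n' "$EXPECTED" | tr ',' '\n' | sort -u)
    rc=0
    for c in $want; do
        printf '%s\n' "$have" | grep -qxF "$c" || { echo "missing: $c"; rc=1; }
    done
    for c in $have; do
        printf '%s\n' "$want" | grep -qxF "$c" || { echo "extra: $c"; rc=1; }
    done
    return "$rc"
}

# Against a real binary this would be: audit_caps "$(getcap ./tmate-slave)"
for line in "$SAMPLE_THREAD" "$SAMPLE_REBUILT" "$SAMPLE_DRIFT"; do
    if audit_caps "$line"; then
        echo "OK: capability set matches"
    else
        echo "FAIL: capability set differs for: '$line'"
    fi
done
```

The empty sample stands for the state after the executable has been modified, where every expected capability is reported as missing.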
