deb/rpm packages: attempt to set the cap_net_bind_service capability

so the service can bind to privileged ports without running as root user

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>

docs/full-configuration.md

@@ -398,6 +398,8 @@ $ getcap /usr/bin/sftpgo
 
 Now you can use privileged ports such as 21, 22, 443 etc.. without running the SFTPGo service as root user. You have to set the `cap_net_bind_service` capability each time you update the `sftpgo` binary.
 
+The "official" deb/rpm packages attempt to set the `cap_net_bind_service` capability in their `postinstall` scripts.
+
 An alternative method is to use `iptables`, for example you run the SFTP service on port `2022` and redirect traffic from port `22` to port `2022`:
 
 ```shell

pkgs/build.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-NFPM_VERSION=2.13.0
+NFPM_VERSION=2.14.0
 NFPM_ARCH=${NFPM_ARCH:-amd64}
 if [ -z ${SFTPGO_VERSION} ]
 then

pkgs/debian/postinst

@@ -35,6 +35,8 @@ if [ "$1" = "configure" ]; then
     chmod 750 /srv/sftpgo
   fi
 
+  # set the cap_net_bind_service capability so the service can bind to privileged ports
+  setcap cap_net_bind_service=+ep /usr/bin/sftpgo || true
 fi
 
 #DEBHELPER#

pkgs/scripts/deb/postinstall.sh

@@ -35,6 +35,9 @@ if [ "$1" = "configure" ]; then
     chmod 750 /srv/sftpgo
   fi
 
+  # set the cap_net_bind_service capability so the service can bind to privileged ports
+  setcap cap_net_bind_service=+ep /usr/bin/sftpgo || true
+
 fi
 
 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then

pkgs/scripts/rpm/postinstall

@@ -32,5 +32,8 @@ if [ -d /var/lib/sftpgo ]; then
     /usr/bin/chmod 750 /var/lib/sftpgo
 fi
 
+# set the cap_net_bind_service capability so the service can bind to privileged ports
+setcap cap_net_bind_service=+ep /usr/bin/sftpgo || :
+
 # reload to pick up any changes to systemd files
 /bin/systemctl daemon-reload >/dev/null 2>&1 || :