Comment by deceptive-footy

3 years ago

Could be wrong here but I believe you only need to run as root once for setup. The daemon can be run as a non-root user just fine.

Source: that's how I run it on Arch

Are you sure? I set up tailscale recently on Arch and the daemon is definitely running via a systemd system service (not a user service).

  • I don't know the case for tailscale but systemd system services can definitely be run under a specific user/group and have sandboxing applied.

  • You can easily override the service unit to confine it to an unprivileged user and then assign the net admin syscap so it can do what it needs to do.
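
A drop-in of the kind the last two replies describe, as an added example that is not part of the thread and not Tailscale's own unit file. It assumes the unit is named `tailscaled.service` and that an unprivileged system account named `tailscale` (a hypothetical name) already exists; whether `CAP_NET_ADMIN` alone is enough for the daemon is the commenter's claim and is not verified here.

```ini
# /etc/systemd/system/tailscaled.service.d/override.conf
# Created with: systemctl edit tailscaled.service
# Assumption: "tailscale" is an existing unprivileged system user and group.
[Service]
User=tailscale
Group=tailscale

# Hand the non-root process only the network-administration capability,
# and shrink the bounding set so nothing else can be acquired later.
AmbientCapabilities=CAP_NET_ADMIN
CapabilityBoundingSet=CAP_NET_ADMIN
NoNewPrivileges=yes

# Generic sandboxing of the kind the first reply mentions.
# Loosen individual lines if the daemon fails to start with them.
ProtectHome=yes
PrivateTmp=yes
ProtectControlGroups=yes
RestrictSUIDSGID=yes
LockPersonality=yes
```

After `systemctl daemon-reload` and a restart, `systemctl show tailscaled.service -p User -p AmbientCapabilities` confirms the override took effect, and `systemd-analyze security tailscaled.service` reports the remaining exposure. Any state or runtime directories the service already wrote as root need their ownership changed to the new user.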