[SOLVED] Breaking openhab service when elevating Java Network Permissions

  • Platform information:
    • Hardware: Raspberry 3, 1GB, 16Gb SD CARD
    • OS: Buster
    • Java Runtime Environment: Zulu
    • openHAB version: 2.4 stable

since this is my first post I’d first like to thank everybody for their work, tips and tricks they share. I started using openhab around 2 years ago and up until now I could solve almost all problems I encountered by reading posts and trying to understand (most times failing, but getting better). Since I am a linux novice I hope somebody can help me.

The problem I encounter concerns the command to grant and elevate Java Network Permissions posted in the official installation tutorial

setcap 'cap_net_raw,cap_net_admin=+eip cap_net_bind_service=+ep' $(realpath /usr/bin/java)

First of all I am promted to execute ist as root and the result is always that the openhab service does not start anymore

openhab2.service - openHAB 2 - empowering the smart home
Loaded: loaded (/usr/lib/systemd/system/openhab2.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Thu 2019-08-22 20:55:25 CEST; 844ms ago
Docs: https://www.openhab.org/docs/
Process: 11359 ExecStart=/usr/share/openhab2/runtime/bin/karaf $OPENHAB_STARTMODE (code=exited, status=127)
Main PID: 11359 (code=exited, status=127)

The solution I found to get openhab to start again is to install Java again.
The reason I “need” to elevate the JAVA rights is that the network binding does not work with arping and my hope is that the elevated rights vor JAVA will fix that.
What am I doing wrong, or is this a bug?

You don’t need elevated writes to use arping, at least not in that way. The line you want from the Network binding docs is

On Linux and MacOS elevated access permissions may be needed, for instance by making the executable a suid executable ( chmod u+s /usr/sbin/arping ).

You just need to run that command on the arping executable and it should work. You only need to elevate the network permissions to use dhcp listen for the Network binding. But even for that, there is a solution in the docs to configure your firewall to move the DHCP port messages to a port OH can bind to without elevated permissions.

You only really need to run setcap if you are using the Dash Button binding. I know of no other binding that requires it.

I’ve submitted a PR to remove mention of the Network binding from that section in the installation instructions.

Wow that was quick … Thanks for the reply. That means back to trying to get arping to work. Right now it only works on the command line.
But thank your answer. I think the installation guide should be changed.