Allow mox serve to run unprivileged

[tzvetkoff]

Well, I converted this to a pull request since I guess we can think a little bit more on going forward with this.

As discussed and mentioned by @mjl- in #194, I don't see a clear path going forward with CAP_NET_BIND_SERVICE, so I'm dropping this one (even though at least FreeBSD provides a way to do that using sysctl but I find it insecure since it allows privileged ports to everyone.)

[thenktor]

(even though at least FreeBSD provides a way to do that using sysctl but I find it insecure since it allows privileged ports to everyone.)

In FreeBSD you would do it that way. Example from caddy post-install script:

Note while Caddy currently defaults to running as root:wheel, it is strongly
recommended to run the server as an unprivileged user, such as www:www --

- Use security/portacl-rc to enable privileged port binding:

  # pkg install security/portacl-rc
  # sysrc portacl_users+=www
  # sysrc portacl_user_www_tcp="http https"
  # sysrc portacl_user_www_udp="https"
  # service portacl enable
  # service portacl start

- Configure caddy to run as www:www

  # sysrc caddy_user=www caddy_group=www

The last one is an option for the caddy rc (service startup) script, that then will start caddy with specified user. The other stuff should be self explaining: allow a user www to bind ports "http https".