#!/bin/bash

# Grant the Python executable the capability to bind to privileged ports (like port 80)
# This is safer than running the entire application as root

echo "Setting up Python to bind to privileged ports..."

# Get the Python executable path and resolve symbolic links
PYTHON_PATH=$(which python3)
REAL_PYTHON_PATH=$(readlink -f "$PYTHON_PATH")
echo "Python path: $PYTHON_PATH"
echo "Real Python path: $REAL_PYTHON_PATH"

# Set the capability on the real executable
sudo setcap 'cap_net_bind_service=+ep' "$REAL_PYTHON_PATH"

if [ $? -eq 0 ]; then
    echo "✓ Successfully granted port binding privileges to Python"
    echo "Your Flask app can now bind to port 80 without running as root"
    
    # Verify the capability was set
    echo "Verifying capability:"
    getcap "$REAL_PYTHON_PATH"
else
    echo "✗ Failed to set capability"
    echo "Make sure you have libcap2-bin installed: sudo apt install libcap2-bin"
fi

echo ""
echo "Note: After setting this capability, you can change your Flask app to use port 80"
echo "Change the port from 5000 to 80 in your app.py file"