Support setcap in dev mode (XCADDY_SETCAP)

When I first wrote xcaddy I was on macOS which does not
require permission to bind to low ports. Now I'm on Linux.

The XCADDY_SETCAP env var will cause xcaddy to run setcap
on the generated temporary binary before executing it
so that it can bind to low ports. This requires sudo.

README.md

@@ -125,7 +125,7 @@ Because the subcommands and flags are constrained to benefit rapid plugin protot
 - `CADDY_VERSION` sets the version of Caddy to build.
 - `XCADDY_RACE_DETECTOR=1` enables the Go race detector in the build.
 - `XCADDY_SKIP_CLEANUP=1` causes xcaddy to leave build artifacts on disk after exiting.
-
+- `XCADDY_SETCAP=1` will run `sudo setcap cap_net_bind_service=+ep` on the temporary binary before running it when in dev mode.
 
 ---
 

cmd/xcaddy/main.go

@@ -223,6 +223,16 @@ func runDev(ctx context.Context, args []string) error {
 		return err
 	}
 
+	if os.Getenv("XCADDY_SETCAP") == "1" {
+		cmd = exec.Command("sudo", "setcap", "cap_net_bind_service=+ep", binOutput)
+		cmd.Stdout = os.Stdout
+		cmd.Stderr = os.Stderr
+		log.Printf("[INFO] Setting capabilities (requires admin privileges): %v", cmd.Args)
+		if err = cmd.Run(); err != nil {
+			return err
+		}
+	}
+
 	log.Printf("[INFO] Running %v\n\n", append([]string{binOutput}, args...))
 
 	cmd = exec.Command(binOutput, args...)