@andrei-tofan
Created May 13, 2017 09:58
Run node.js express app under a low privilege user
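var express = require('express');
var app = express();

/**
 * After the app starts, demote it to a low-privilege user.
 * Returns true if privileges were dropped, false otherwise.
 */
function demote() {
    // Only attempted on Linux, where the userid module is available.
    if (process.platform !== 'linux') {
        return false;
    }
    const userid = require('userid');
    const user_id = userid.uid(process.env.PROCESS_USER || 'www-data');
    const group_id = userid.gid(process.env.PROCESS_GROUP || 'www-data');
    // Replace root's supplementary groups first; setgid/setuid do not touch them.
    process.setgroups([group_id]);
    // Change the group before the user: once the uid is non-root, setgid fails.
    process.setgid(group_id);
    process.setuid(user_id);
    return true;
}

app.get('/', function (req, res) {
    res.send('Hello World!');
});

app.listen(3000, function () {
    // The listening socket is open; switch to a low-privilege user.
    demote();
    console.log('Example app listening on port 3000!');
});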

Notes

The app needs root access only to open the HTTP port; after that, it can run as a low-privilege user.

Requirements

The userid module is required to get the user id. Unfortunately, it works only on Linux, so you will have to add it under optionalDependencies.
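
The privilege drop performed by demote(), written as an added example (not the gist author's code) that also clears supplementary groups and checks that root cannot be regained afterwards. The names dropPrivileges and fakeProcess and the sample id 33 are assumptions made for illustration; setgroups, setgid and setuid are the POSIX-only methods of Node's process object.

```javascript
// Added example: ordered privilege drop that verifies the result.
// `proc` is Node's `process` or a stand-in; uid and gid are numeric ids.
function dropPrivileges(proc, uid, gid) {
  if (typeof proc.getuid !== 'function') return { dropped: false, reason: 'no POSIX credential API' };
  if (proc.getuid() !== 0) return { dropped: false, reason: 'not running as root' };
  if (uid === 0 || gid === 0) throw new Error('target uid/gid must not be 0');

  // Order matters: once the uid is non-root, setgroups() and setgid() fail with EPERM.
  proc.setgroups([gid]); // discard root's supplementary groups
  proc.setgid(gid);
  proc.setuid(uid);

  // Confirm real and effective ids changed and no other group survived.
  const idsOk = proc.getuid() === uid && proc.geteuid() === uid &&
                proc.getgid() === gid && proc.getegid() === gid;
  const groupsOk = proc.getgroups().every((g) => g === gid);
  if (!idsOk || !groupsOk) throw new Error('privilege drop incomplete');

  // A correct drop is irreversible: asking for root again must fail.
  let regained = false;
  try { proc.setuid(0); regained = true; } catch (err) { /* EPERM expected */ }
  if (regained) throw new Error('process could regain root');
  return { dropped: true, uid, gid };
}

// Constructed stand-in for `process`, modelling the kernel rule that only
// uid 0 may change credentials, so the example runs without root.
function fakeProcess(startUid) {
  const s = { uid: startUid, gid: 0, groups: [0, 4, 27] };
  const calls = [];
  const asRoot = (name, apply) => (value) => {
    calls.push(name);
    if (s.uid !== 0) throw Object.assign(new Error('EPERM'), { code: 'EPERM' });
    apply(value);
  };
  return {
    calls,
    getuid: () => s.uid, geteuid: () => s.uid,
    getgid: () => s.gid, getegid: () => s.gid,
    getgroups: () => s.groups.slice(),
    setgroups: asRoot('setgroups', (g) => { s.groups = g.slice(); }),
    setgid: asRoot('setgid', (g) => { s.gid = g; }),
    setuid: asRoot('setuid', (u) => { s.uid = u; }),
  };
}

// 33 is a constructed sample id (www-data on Debian-style systems).
console.log(dropPrivileges(fakeProcess(0), 33, 33));
```

In the app, the call would be dropPrivileges(process, uid, gid) inside the app.listen callback, with the numeric ids looked up beforehand.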
