Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save chairco/99342c9e5d7fba51e1b8f69a7b5ccf11 to your computer and use it in GitHub Desktop.
Save chairco/99342c9e5d7fba51e1b8f69a7b5ccf11 to your computer and use it in GitHub Desktop.
Allow Node.js to bind to privileged ports without root access on Ubuntu

How to: Allow Node to bind to port 80 without sudo

TL;DR

Only do this if you understand the consequences: all node programs will be able to bind on ports < 1024

sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/node

Important: your node location may vary. Use which node to find it, or use it directly in the command:

sudo setcap 'cap_net_bind_service=+ep' `which node`

Explanation

In UNIX-like systems, non-root users are unable to bind to ports lower than 1024.

This is a nuisance when proxying adresses on port 80. Tipically, you end up sudoing all apps that must bind to such ports.

However, since kernel 2.6.24, you can use the setcap command to set specific capabilities to a program.

To enable all node programs to bind on any port lower than 1024, issue the following command:

sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/node

Voilà! You can now bind to port 80 without sudoing.

If your node binary isn't on this path, find it with whereis node and substitute /usr/local/bin/node for wherever it is.

Important Caveat

setcap functions per-program. Therefore, if you update your node version you will probably need to run this command again.


source: http://stackoverflow.com/a/414258

@Jibun-no-Kage
Copy link

How does one undo this configuration?

@SeryiBaran
Copy link

SeryiBaran commented Jul 18, 2022

How does one undo this configuration?

I also have such a question

@Jibun-no-Kage
Copy link

I figured it out you can just do the same command with '-' (minus) symbol. So 'cap_net_bind_service=-ep' should remove the configuration.

@SeryiBaran
Copy link

I figured it out you can just do the same command with '-' (minus) symbol. So 'cap_net_bind_service=-ep' should remove the configuration.

Thank you!
My solution:

sudo setcap -r ~/n/bin/node

@Jibun-no-Kage
Copy link

Ah, that is cool too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment