by ruxkor
4938 days ago
setcap solves the problem in the wrong way in this scenario imho: With setcap, any user could run node with a node script using ports < 1024. What would be more useful is the ability to allow a _user_ to open a privileged port. In my opinion mappu's answer is the right way to go, i.e. using authbind to allow a certain user to open a port or a range of ports.
(Hmm, did parent just edit his comment? He didn't mention authbind when I hit reply, did he?)
From the man page: authbind allows a program which does not or should not run as root to bind to low-numbered ports in a controlled way. The shared library loaded using LD_PRELOAD overrides the bind(2) system call. When a program invoked via authbind calls bind to bind a socket to a low-numbered TCP/IP port, and if the program doesn't already have an effective uid of 0, the version of bind supplied by authbind forks and executes a setuid-root helper program.
You can create a configuration file like /etc/authbind/byport/port and use standard Linux file permissions to allow certain non-root users to bind to ports < 1024.
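An added example, not part of the thread: since the grant is expressed through file permissions on /etc/authbind/byport/port, a short audit can list which ports are delegated and flag any file that every local user can execute, which would recreate the "any user" problem raised about setcap. It assumes GNU stat and that authbind authorises a bind when the caller has execute permission on the port file; the function name `audit_byport` and the sample tree are constructed for illustration, and only byport entries are covered.

```shell
#!/bin/sh
# Added example: audit authbind byport grants (not from the original thread).
# Assumption: authbind allows the bind when the calling user has execute
# permission on <dir>/<port>, so the x bits decide who may use the port.

audit_byport() {
    dir="${1:-/etc/authbind/byport}"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue            # skips the unexpanded glob too
        port=$(basename "$f")
        mode=$(stat -c '%a' "$f")          # octal mode, e.g. 500 (GNU stat)
        owner=$(stat -c '%U' "$f")
        group=$(stat -c '%G' "$f")
        grants=""
        # Leading 0 makes the shell read the mode as octal.
        [ $(( 0$mode & 0100 )) -ne 0 ] && grants="$grants user:$owner"
        [ $(( 0$mode & 0010 )) -ne 0 ] && grants="$grants group:$group"
        [ $(( 0$mode & 0001 )) -ne 0 ] && grants="$grants ANY-USER"
        echo "port=$port mode=$mode grants:${grants:- none}"
    done
}

# Constructed sample tree so the audit runs without touching /etc.
sample=$(mktemp -d)
touch "$sample/80" "$sample/443" "$sample/25"
chmod 500 "$sample/80"     # owner only: the per-user grant described above
chmod 755 "$sample/443"    # world-executable: every local user may bind 443
chmod 600 "$sample/25"     # no execute bit: nobody is granted the port
audit_byport "$sample"
```

On a real host, call `audit_byport` with no argument to read /etc/authbind/byport and review any line marked ANY-USER.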