Ubuntu Non-Root NodeJS Permissions On Port 80

On Linux based systems non-root users are blocked from connecting to ports below port 1024, including port 80 which is our standard HTTP port most often used by NodeJS, and so permission must either be granted at runtime using sudo to execute with root permissions or by granting permissions at the system level.  Our goal is to run our application from a standard non-root user over port 80 but keep that user’s permission restrictions in place otherwise for security reasons.

To enable access to the lower ports including port 80 for standard non-root users, you can run the following commands to install libcap2 and grant permissions:

sudo apt-get install libcap2-bin 
sudo setcap cap_net_bind_service=+ep `readlink -f \`which node\``

Keep in mind that this will allow any Node process to connect to ports 1-1024, and so your security practices should take that in to account if your system can be accessed by others, and avoid leaving running anything like a shell script for example that could be used to exploit the server.

If you upgrade or downgrade the version of Node installed on your system you may need to grant permissions again as libcap2 sets permissions for the specific executable in place at the time, and so you would just run the same command again, minus the libcap2 installation line:

sudo setcap cap_net_bind_service=+ep `readlink -f \`which node\``

 

I hope this has saved you some time, have fun!

Leave a Reply