I can use any PORT above 1023 with server.listen(PORT) in an nvm-installed node. How can I use system ports (e.g. below 1024) with a non-privileged user?
On our Ubuntu 16.04 servers I used to do this:
sudo setcap CAP_NET_BIND_SERVICE=+eip `readlink -f \`which node\``
However, we've upgraded to Ubuntu 18.04 and it doesn't seem to work anymore. I'm seeing the following error:
Error listen EACCES 0.0.0.0:925
This happens with all ports below 1024, so it's not just a one-off case of a port already being in use.
Why wouldn't this work (anymore)? I must be missing something, or things have changed since Ubuntu 18.04.
Check that the partition from which the executable is started is not mounted with nosuid.
getcap will not help with the troubleshooting, as it will show the attributes as set on the filesystem and not the actual capabilities available at run time.
You can check the run-time capabilities in /proc/PID/status.
They should look like
CapPrm: 0000000000000400
CapEff: 0000000000000400
CapBnd: 0000003fffffffff
On my nosuid partition, they were like this.
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 0000003fffffffff
Hope it helps. I was only able to find this out after consulting with a friend :)
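The check described in the answer above, as an added example that is not part of the original post: it decodes the Cap* masks from /proc/PID/status, tests bit 10 (CAP_NET_BIND_SERVICE, the 0x400 shown above), and looks up whether the binary's mount carries nosuid. The function names, the mount table, and the nvm path are constructed for illustration; mount points containing spaces (escaped in /proc/mounts) are not handled.

```python
import os
import sys

CAP_NET_BIND_SERVICE = 10  # bit index in the masks; 1 << 10 == 0x400

# Constructed samples: Cap* values as quoted in the answer, mount table invented.
STATUS_OK = "CapPrm:\t0000000000000400\nCapEff:\t0000000000000400\nCapBnd:\t0000003fffffffff\n"
STATUS_NOSUID = "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\nCapBnd:\t0000003fffffffff\n"
MOUNTS = ("/dev/sda1 / ext4 rw,relatime 0 0\n"
          "/dev/sdb1 /home ext4 rw,nosuid,nodev,relatime 0 0\n")
NODE_IN_HOME = "/home/deploy/.nvm/versions/node/vX.Y.Z/bin/node"  # hypothetical path


def parse_caps(status_text):
    """Map each Cap* line of /proc/PID/status to its integer bitmask."""
    caps = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key.startswith("Cap"):
            caps[key] = int(value.strip(), 16)
    return caps


def mount_options(path, mounts_text):
    """Options of the deepest mount point in /proc/mounts text that contains path."""
    best, opts = "", []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mnt = fields[1]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) >= len(best):  # >= so a later mount shadows an earlier one
            best, opts = mnt, fields[3].split(",")
    return opts


def diagnose(status_text, exe_path, mounts_text):
    """Report whether the process holds CAP_NET_BIND_SERVICE and whether its binary is on nosuid."""
    caps, bit = parse_caps(status_text), 1 << CAP_NET_BIND_SERVICE
    return {"permitted": bool(caps.get("CapPrm", 0) & bit),
            "effective": bool(caps.get("CapEff", 0) & bit),
            "nosuid": "nosuid" in mount_options(exe_path, mounts_text)}


if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check against a running process: pass its PID
        proc = "/proc/" + sys.argv[1]
        with open(proc + "/status") as s, open("/proc/mounts") as m:
            print(diagnose(s.read(), os.path.realpath(proc + "/exe"), m.read()))
    else:  # no PID given: run on the constructed samples
        print(diagnose(STATUS_NOSUID, NODE_IN_HOME, MOUNTS))
```

Run with the PID of the node process to check a live system; reading another user's /proc/PID/exe requires the same user or root.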