Can I use the setcap command to do cap_net_bind_service (on Ubuntu 14.04)

Posted June 17, 2014

I want to allow a non-root user to bind to a port below 1024 (specifically port 443, but not SSL). The user will be running a node.js server if that matters. The Droplet does not exist yet, but is planned to be Ubuntu 14.04. I have successfully used setcap with the cap_net_bind_service option to achieve this on a dedicated server. Can I do this on a Droplet?

gazilla

Submit an answer

You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Andrew SB • June 17, 2014

Sure. You have full root access to the server. I personally think using iptables port redirection might be simpler. You could do something like: <pre> iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 5000 </pre>