Allow Binaries on Linux to Run on Well Known Privileged Ports
-
If you want to run a normal binary on Linux that will end up using a well known port (that is port 1024 and below, such as 80, 443, 25, etc.) you will generally be blocked by the kernel from doing this for safety reasons. You will need to do a setcap command to allow that binary to bind to that port. Very easy, but very hard to diagnose when things don't work.
setcap CAP_NET_BIND_SERVICE=+eip /path/to/binary
-
An example of this is a Gitea server binary. We have to do this every time that we update the package.
-
-
@Pete-S said in Allow Binaries on Linux to Run on Well Known Privileged Ports:
FYI
https://mangolassi.it/topic/25022/bind-linux-process-to-well-known-web-ports-when-not-rootI THOUGHT I had posted that, but I couldn't find it in a search. lol
-
Yeah, me too.
The search is not particularly good on nodebb.If you search for net_bind you would assume it would find both these post but it finds nothing.
Since this site isn't index by google and others anymore you can't use those to search either.
-
@scottalanmiller said in Allow Binaries on Linux to Run on Well Known Privileged Ports:
Very easy, but very hard to diagnose when things don't work.
Yep, couldn't figure out why MeshCentral wouldn't work after OS upgrade.
This was it. -
@Pete-S said in Allow Binaries on Linux to Run on Well Known Privileged Ports:
The search is not particularly good on nodebb.
Let's face it, it's crap.
-
@Pete-S said in Allow Binaries on Linux to Run on Well Known Privileged Ports:
Since this site isn't index by google and others anymore you can't use those to search either.
Yeah, no kidding. I have no idea why, though.
-
@Pete-S said in Allow Binaries on Linux to Run on Well Known Privileged Ports:
If you search for net_bind you would assume it would find both these post but it finds nothing.
It seems to only search "words", and that isn't a word or part of a word.
-
@Obsolesce said in Allow Binaries on Linux to Run on Well Known Privileged Ports:
@Pete-S said in Allow Binaries on Linux to Run on Well Known Privileged Ports:
If you search for net_bind you would assume it would find both these post but it finds nothing.
It seems to only search "words", and that isn't a word or part of a word.
That does seem to be the case. It's not smart at all.