[linux] Is there a way for non-root processes to bind to "privileged" ports on Linux?

With systemd, you just need to slightly modify your service to accept preactivated sockets.

You can later use systemd socket activate.

No capabilities, iptables or other tricks are needed.

This is content of relevant systemd files from this example of simple python http server

File httpd-true.service

[Unit]
Description=Httpd true 

[Service]
ExecStart=/usr/local/bin/httpd-true
User=subsonic

PrivateTmp=yes

File httpd-true.socket

[Unit]
Description=HTTPD true

[Socket]
ListenStream=80

[Install]
WantedBy=default.target

Examples related to linux

grep's at sign caught as whitespace How to prevent Google Colab from disconnecting? "E: Unable to locate package python-pip" on Ubuntu 18.04 How to upgrade Python version to 3.7? Install Qt on Ubuntu Get first line of a shell command's output Cannot connect to the Docker daemon at unix:/var/run/docker.sock. Is the docker daemon running? Run bash command on jenkins pipeline How to uninstall an older PHP version from centOS7 How to update-alternatives to Python 3 without breaking apt?

Examples related to root

SQLSTATE[HY000] [1698] Access denied for user 'root'@'localhost' Connect to docker container as user other than root MySQL user DB does not have password columns - Installing MySQL on OSX vagrant login as root by default adb shell su works but adb root does not Android: adbd cannot run as root in production builds How to get domain root url in Laravel 4? Import Certificate to Trusted Root but not to Personal [Command Line] How to check if running as root in a bash script Access Denied for User 'root'@'localhost' (using password: YES) - No Privileges?

Examples related to ipv6

What is IPV6 for localhost and 0.0.0.0? Make docker use IPv4 for port binding How to set java.net.preferIPv4Stack=true at runtime? what does "dead beef" mean? How can I convert IPV6 address to IPV4 address? Get IPv4 addresses from Dns.GetHostEntry() Is there a way for non-root processes to bind to "privileged" ports on Linux? How do ports work with IPv6? Maximum length of the textual representation of an IPv6 address? Regular expression that matches valid IPv6 addresses

Examples related to iptables

Connection refused to MongoDB errno 111 How can I use iptables on centos 7? Adding a rule in iptables in debian to open a new port iptables v1.4.14: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) iptables LOG and DROP in one rule How can I remove specific rules from iptables? iptables block access to port 8000 except from IP address Iptables setting multiple multiports in one rule Is there a way for non-root processes to bind to "privileged" ports on Linux?

Examples related to linux-capabilities

Is there a way for non-root processes to bind to "privileged" ports on Linux?