I needed a quick and dirty way to allow a non-root user to bind to low-numbered ports. This is because I'm starting to launch Docker containers where the CMD process runs as a non-root user. The first container I thought this might work well for is my docker-ncat-proxy container, which runs ncat as the nobody user.

Using Linux capabilities, we can use the setcap command to mark a binary so that it is allowed to bind to those ports when launched, without needing root.

Here is the end of my Dockerfile that enables ncat to work as the user nobody:

RUN setcap 'cap_net_bind_service=+ep' $(which ncat)

USER nobody

CMD ["/etc/run"]

Pretty fancy :) Thanks, Stack Overflow users!
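A file capability set this way only helps if the container's runtime settings let it take effect: the capability must still be in the process's bounding set (it is removed by `docker run --cap-drop=ALL`, for instance), and `no-new-privileges` must not be set. The following check is an added example, not part of the original post; it reads those two fields from the text of `/proc/<pid>/status`. The function names are hypothetical and the sample status texts are constructed.

```shell
#!/bin/sh
# Added example: decide from /proc/<pid>/status text whether a file capability
# set with `setcap 'cap_net_bind_service=+ep'` can take effect for that process.

CAP_NET_BIND_SERVICE=10   # bit number of the capability in linux/capability.h

# Constructed samples (not captured from a real system).
SAMPLE_DEFAULT='Name:   run
NoNewPrivs:     0
CapBnd: 00000000a80425fb'
SAMPLE_CAPDROP='Name:   run
NoNewPrivs:     0
CapBnd: 0000000000000000'
SAMPLE_NNP='Name:   run
NoNewPrivs:     1
CapBnd: 00000000a80425fb'

# status_field KEY: print the value of "KEY: value" from status text on stdin.
status_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# bind_cap_usable STATUS_TEXT
# Prints ok, dropped-from-bounding-set, no-new-privs or unknown.
# Returns 0 only when the file capability can take effect.
bind_cap_usable() {
    capbnd=$(printf '%s\n' "$1" | status_field CapBnd)
    nnp=$(printf '%s\n' "$1" | status_field NoNewPrivs)
    if [ -z "$capbnd" ]; then
        echo "unknown"; return 2
    fi
    # CapBnd is a hex bitmask; test the CAP_NET_BIND_SERVICE bit.
    if [ $(( (0x$capbnd >> $CAP_NET_BIND_SERVICE) & 1 )) -ne 1 ]; then
        echo "dropped-from-bounding-set"; return 1
    fi
    # With no_new_privs set, execve() does not grant file capabilities.
    if [ "${nnp:-0}" = "1" ]; then
        echo "no-new-privs"; return 1
    fi
    echo "ok"
}

# Report on the current process when /proc is available (e.g. inside the container).
if [ -r /proc/self/status ]; then
    bind_cap_usable "$(cat /proc/self/status)" || true
fi
```

Run inside the container as the nobody user, this prints `ok` when ncat's file capability can be honoured.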

Mario Loria
./scriptthe.net