I needed a quick and dirty way to allow a non-root user to use lower ports. This is because I’m starting to launch Docker containers where the CMD process is run as a non-root user. The first container I thought this might work well for is my docker-ncat-proxy container, which runs ncat as the nobody user.

Using Linux capabilities, we can use the setcap command to grant a binary the cap_net_bind_service capability, which lets it bind to ports below 1024 without being launched as root.

Here is the end of my Dockerfile that enables ncat to work as the user nobody:

RUN setcap 'cap_net_bind_service=+ep' $(which ncat)

USER nobody

CMD ["/etc/run"]

Pretty fancy :) Thanks, Stack Overflow users!
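A check that the capability actually takes effect, as an added example that is not part of the original post: the functions below read the text of /proc/<pid>/status, where bit 10 of the Cap* masks is CAP_NET_BIND_SERVICE. The function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): reason about CAP_NET_BIND_SERVICE
# from the text of /proc/<pid>/status.
CAP_NET_BIND_SERVICE=10   # bit number defined in <linux/capability.h>

# status_field NAME TEXT: print the value of one "Name: value" status line.
status_field() {
    printf '%s\n' "$2" | awk -v key="$1:" '$1 == key { print $2 }'
}

# mask_has_bind_cap HEXMASK: succeed if bit 10 is set in a Cap* mask.
mask_has_bind_cap() {
    [ $(( (0x${1:-0} >> $CAP_NET_BIND_SERVICE) & 1 )) -eq 1 ]
}

# holds_bind_cap TEXT: is the capability in the effective set? Run this against
# the status of the already running ncat process.
holds_bind_cap() {
    mask_has_bind_cap "$(status_field CapEff "$1")"
}

# file_cap_can_apply TEXT: preflight for the process that will exec the setcap'd
# binary. Prints the reason when the binary would not gain the capability.
# (Not visible here: a nosuid mount also makes the kernel ignore file capabilities.)
file_cap_can_apply() {
    if ! mask_has_bind_cap "$(status_field CapBnd "$1")"; then
        echo "not in bounding set (for example --cap-drop)"; return 1
    fi
    if [ "$(status_field NoNewPrivs "$1")" = "1" ]; then
        echo "no_new_privs is set; file capabilities are ignored"; return 1
    fi
    echo "ok"
}

# Constructed samples, trimmed to the relevant fields.
SHELL_AS_NOBODY='CapEff: 0000000000000000
CapBnd: 00000000a80425fb
NoNewPrivs: 0'
NCAT_AFTER_EXEC='CapEff: 0000000000000400
CapBnd: 00000000a80425fb
NoNewPrivs: 0'
CAP_DROPPED='CapEff: 0000000000000000
CapBnd: 00000000a80421fb
NoNewPrivs: 0'
NNP_SET='CapEff: 0000000000000000
CapBnd: 00000000a80425fb
NoNewPrivs: 1'
```

Inside the container, `file_cap_can_apply "$(cat /proc/self/status)"` run from the start script as nobody gives the preflight verdict before ncat is launched.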

Mario Loria is a builder of diverse infrastructure with modern workloads on both bare-metal and cloud platforms. He's traversed roles in system administration, network engineering, and DevOps. You can learn more about him here.