I needed a quick and dirty way to allow a non-root user to use lower ports. This is because I’m starting to launch docker containers where the CMD process is run as a non-root user. The first container I thought this might work well for is my docker-ncat-proxy container which runs ncat as the nobody user.
Using linux capabilities, we can set a binary to be launched without locking its binding capabilities using the
Here is the end of my Dockerfile that enables ncat to work as the user nobody:
RUN setcap 'cap_net_bind_service=+ep' $(which ncat) USER nobody CMD ["/etc/run"]
pretty fancy:) Thanks stackoverflow users!