Can I run Node.JS with low privileges?

I would like to run node with a low privileges user, is it possible? I need to use the framework Express.js

Problem courtesy of: Dail

Solution

Yes. There are many solutions available to do this, depending on your exact needs.

If you want to run node on port 80, you can use nginx (doesn’t work with WebSockets yet) or haproxy
. But perhaps the quickest and dirtiest is to use iptables to redirect port 80 to the port of your choice:

sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8003
sudo iptables -t nat -L

When you’re happy, then save the config and make sure iptables comes on at boot

sudo service iptables save
sudo chkconfig iptables on

To automatically start your nodejs service as non-root, and restart it if it fails, you can utilize upstart
with a script like this:

#!upstart
description "nodeapp"
author      "you"

start on started mountall
stop on shutdown

# Automatically Respawn:
respawn
respawn limit 99 5

script
   export HOME="/home/user/"
   exec sudo -u user /usr/local/bin/node /home/user/app.js 2>&1 >> /home/user/app.log
end script

If you’re on an Amazon EC2 installation, or you get an error that says sudo: sorry, you must have a tty to run sudo
, then you can replace your exec command with this:

#!upstart
description "nodeapp"
author      "you"

start on started mountall
stop on shutdown

# Automatically Respawn:
respawn
respawn limit 99 5

script
   export HOME="/home/user/"
   #amazon EC2 doesn’t allow sudo from script! so use su --session-command
   exec su --session-command="/usr/local/bin/node /home/user/app.js 2>&1 >> /home/user/app.log" user &
end script

And, you didn’t ask this question, but to keep it running forever, check out monit! Here is
a useful guide to setting up node.js
with upstart and monit

.

Solution courtesy of: Kato

您可能感兴趣的

Bug when sending array in node.js and socket.io I use socket.io version 0.8.4 I have boiled down my problem to the following. I have data looking like this: data.prop1 = []; data.prop1.push(...
在Ubuntu 16.04上配置msmtp 这篇文章是在我之前的博客中发表过的在 Ubuntu 16.04 上配置 MSMTP 的一个副本。我再次发表是为了后续,我并不知道它是否能在更高版本上工作。由于我没有再托管自己的 Ubuntu/MSMTP 服务器了,所以我现在看不到有需要更新的地方,但是如果我需要重新设置,我会创建一个更新的...
Linux fgrep Command Tutorial for Beginners (with E... While grep is a well-known Linux command (we'vealready covered it in detail), do you know that there exist two different variants of this tool? Yes, ...
新闻:Node.js平台第8版进入长期支持状态,而Node.js平台第9版则成为了发布线上新的当前版... 我们怀着十分激动的心情宣布,今天晚些时候Node.js平台第8版即将准备发布,到时这版会转移到实际上的长期支持版产品线上,向更广大的用户群体开放,满足用户对稳定性与安全性的需求。 Node.js平台第8.9.0版是第一个正式进入长期支持状态的Node.js 8系列产品 。Node.js平台第8版的...
浅析TCP和nodejs中TCP的简单应用 emmmmmmm... tcp 我们应该都知道,tcp是一种网络协议。 说起网络,在大学学计算机网络的时候,记得老师讲过网络一共分7层,这7层从上到下依次是物理层、数据链路层、网络层、传输层、会话层、表示层和应用层。 我们来看张图: OSI是Open Syst...
Node.js Recipes - The solution to all Node problems责编内容来自:Node.js Recipes - The solution to all Node problems (源链) | 更多关于

阅读提示:酷辣虫无法对本内容的真实性提供任何保证,请自行验证并承担相关的风险与后果!
本站遵循[CC BY-NC-SA 4.0]。如您有版权、意见投诉等问题,请通过eMail联系我们处理。
酷辣虫 » Can I run Node.JS with low privileges?



专业 x 专注 x 聚合 x 分享 CC BY-NC-SA 4.0

使用声明 | 英豪名录