19

I am trying to get a node.js site live on port 80 (I am using Digital Ocean). I am doing this using systemd, with this in the service file:

...
ExecStart=/usr/bin/nodejs /var/www/bin/app.js
...

On localhost this works fine on port 80 if I use sudo to start the site, but not without sudo. Apparently you need to run as root for ports below 1024.

How do I allow sudo in the ExecStart? Or am I going completely the wrong way here and if so, how do I get the express app on port 80?

Cheers, Mike

2 Answers

27

Systemd starts the executable stated in ExecStart= as root by default.

However, if you have specified User= or Group= in your service file overriding that default, and still need to run an executable that requires sudo, prepend the command with the absolute path to your sudo location:

...
ExecStart=/usr/bin/sudo /usr/bin/nodejs /var/www/bin/app.js
...

1 Comment

This results in Unable to locate executable '/usr/bin/sudo': Permission denied on Bluefin
8

Systemd starts the executable stated in ExecStart= as root by default. This means if you haven't specified User= or Group= in your service file, your binary is started privileged.

You can verify this by starting the id or whoami program. Ex: ExecStart=/usr/bin/id or ExecStart=/usr/bin/whoami (note the path for the programs might be different for you)

4 Comments

I have indeed specified a Group (non-root), but I would like to keep it that way as it is good practice not to run websites as root. How can I work around my problem?
You need to have a .socket unit for the port which listens on it as privileged user. Then systemd passes your service the socket. It needs code modifications on nodejs to make it systemd socket activation though.
I tried require('systemd'); var port = process.env.LISTEN_PID > 0 ? 'systemd' : 3050; app.set('port', port); but no luck so far.
In the end I used sudo setcap cap_net_bind_service=+ep /usr/bin/nodejs to allow nodejs to publish on ports below 1024
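
The socket-activation route mentioned in the comments above, as an added example that is not part of the original thread: systemd binds port 80 as root and hands the open socket to the unprivileged service, so neither sudo nor setcap on the node binary is needed. The unit names, the `listenTarget`/`listenWithSystemd` helpers and the fallback port handling are assumptions for illustration; the code takes any object with a `listen()` method, such as an Express app.

```javascript
// Added example (not from the thread). Assumed units, names hypothetical:
//   app.socket  -> [Socket]  ListenStream=80
//   app.service -> [Service] User=/Group= set to a non-root account,
//                  ExecStart=/usr/bin/nodejs /var/www/bin/app.js
// systemd passes the bound socket as fd 3 and sets LISTEN_PID / LISTEN_FDS.

const SD_LISTEN_FDS_START = 3; // first inherited descriptor in the protocol

// Parse a decimal environment value strictly; anything else becomes NaN.
function parseCount(value) {
  return /^\d+$/.test(value || '') ? Number(value) : NaN;
}

// Decide what to pass to server.listen(): the inherited fd or a fallback port.
function listenTarget(env, pid, fallbackPort) {
  const listenPid = parseCount(env.LISTEN_PID);
  const listenFds = parseCount(env.LISTEN_FDS);
  // LISTEN_PID must name this process. If it does not, the variables were
  // inherited from a parent and fd 3 is not a socket meant for us.
  if (listenPid !== pid) return { port: fallbackPort };
  if (!(listenFds >= 1)) return { port: fallbackPort };
  // This example serves exactly one socket; refuse ambiguous setups.
  if (listenFds > 1) throw new Error('expected 1 socket, got ' + listenFds);
  return { fd: SD_LISTEN_FDS_START };
}

// Start `server` (http.Server or Express app) on the chosen target.
function listenWithSystemd(server, fallbackPort) {
  const target = listenTarget(process.env, process.pid, fallbackPort);
  // Clear the variables so child processes do not think the socket is theirs.
  delete process.env.LISTEN_PID;
  delete process.env.LISTEN_FDS;
  delete process.env.LISTEN_FDNAMES;
  return server.listen(target);
}

// Constructed environments showing the three outcomes.
const samples = [
  ['activated by systemd', { LISTEN_PID: '4242', LISTEN_FDS: '1' }, 4242],
  ['stale vars from a parent', { LISTEN_PID: '4242', LISTEN_FDS: '1' }, 5000],
  ['started by hand', {}, 4242],
];
for (const [label, env, pid] of samples) {
  console.log(label, '->', JSON.stringify(listenTarget(env, pid, 3050)));
}
```

In the app this replaces the `app.set('port', ...)` attempt with `listenWithSystemd(app, 3050)`; the fallback port is only used when the process is started outside systemd.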
