On a Linux system, TCP ports in a reserved range (typically less than 1024) can only be bound by processes with root privilege. If we try to bind a port below 1024 in a Linux environment, we will receive a “Permission denied” error:
Listen tcp :80: bind: permission denied
So we should do one of the following:
- Use a port number larger than 1024
- Run the script as a privileged user
Reason for bind: permission denied in Linux
Ports below 1024 are called Privileged Ports and in Linux (and most UNIX flavors and UNIX-like systems), they are not allowed to be opened by any non-root user. This is a security feature originally implemented as a way to prevent a malicious user from setting up a malicious service on a well-known service port.
How to fix bind: permission denied in Linux
- If using Linux 2.6.24 or later, we can set a file capability on the executable, which grants only the privilege to open privileged ports and no other superuser privileges:
  $ sudo setcap cap_net_bind_service+ep /path/to/bin/file
- Set up a firewall on the server using iptables or an alternative, so that the lower port number is forwarded internally to a higher port number:
  $ sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000
- Install and configure Apache or nginx as a reverse proxy server, which can be started as root to open the port
- Run our application with the sudo command, which gives the whole process root privileges rather than only the right to bind the port
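A diagnostic sketch for the error above, added here as an example and not part of the original page: it reproduces the privileged-port decision from a process's effective capability mask (CapEff in /proc/<pid>/status) and the net.ipv4.ip_unprivileged_port_start sysctl (Linux 4.11 and later, default 1024). The function names are hypothetical and the masks shown in the comments are constructed samples.

```shell
#!/bin/sh
# Added example: would bind() on a TCP port pass the privileged-port check?
# Inputs: the effective capability mask and the unprivileged-port boundary.

CAP_NET_BIND_SERVICE_BIT=10   # capability number in <linux/capability.h>

# has_net_bind_cap HEXMASK -> exit 0 if CAP_NET_BIND_SERVICE is set.
# HEXMASK is a CapEff value, e.g. 0000000000000400 (constructed sample).
has_net_bind_cap() {
    [ $(( (0x${1:-0} >> $CAP_NET_BIND_SERVICE_BIT) & 1 )) -eq 1 ]
}

# can_bind PORT HEXMASK UNPRIV_START -> exit 0 if the bind is permitted.
# Ports at or above UNPRIV_START need no privilege; lower ports need the
# capability (root normally holds every capability, so root passes too).
can_bind() {
    [ "$1" -ge "$3" ] && return 0
    has_net_bind_cap "$2"
}

# Live values for the current shell, with fallbacks when /proc is missing:
# an empty mask and the default boundary of 1024.
current_capeff() {
    if [ -r /proc/self/status ]; then
        sed -n 's/^CapEff:[[:space:]]*//p' /proc/self/status
    else
        echo 0
    fi
}
current_unpriv_start() {
    cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024
}

# report PORT -> one line describing the expected outcome for this user.
report() {
    if can_bind "$1" "$(current_capeff)" "$(current_unpriv_start)"; then
        echo "port $1: bind allowed"
    else
        echo "port $1: expect 'bind: permission denied'"
    fi
}

report 80
report 3000
```

Running it as an ordinary user and again under sudo shows the mask changing; checking a binary after setcap is done with getcap /path/to/bin/file.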