如何以非root用户身份运行node.js? [英] How to run node.js as non-root user?

问题描述

我正在运行一个node.js服务器，它将在端口80以及其他端口上为请求提供服务.显然，这需要应用程序以root身份运行(在Linux上).

I'm running a node.js server, that will serve requests on port 80 amongst others. Clearly this requires the application running as root (on Linux).

查看此帖子( http://syskall.com/dont -run-node-dot-js-as-root )作为示例，很明显，有简单的方法允许节点以非root用户身份运行，但是我想知道是否有人对建议使用不同方法的优缺点:

Looking at this post (http://syskall.com/dont-run-node-dot-js-as-root) as an example it's clear that there are simple ways to allow node to be run as a non-root user, but I'm wondering if anyone has views on the advantages/disadvantages of the different methods suggested:

1. 代码:在侦听端口80之后，使用setuid()从root用户降级为非特权用户.

1. code: use setuid() to drop down from root to non-priviledged user after listening on port 80 is established.

使用某种代理服务器将请求重定向到端口> 1024(因此不需要节点以root身份运行)

using a proxy server of some sort to redirect requests to a port >1024 (and so not need node to run as root)

使用IP表转发到另一个端口(ditto节点不会以root身份运行)

using IP tables to forward to another port (ditto node would not run as root)

谢谢

推荐答案

选项1要求您以root用户身份启动节点服务器.不理想.

Option 1 requires you launch the node server as root. Not ideal.

选项2增加了每个已处理请求的开销，并向堆栈增加了另一个故障点.

Option 2 adds overhead to every handled request and adds another failure point to your stack.

选项3是最简单，最有效的方法.

Option 3 Is the simplest and most efficient method.

要实现选项3，请将以下内容添加到系统初始化脚本中. (在基于RedHat的系统(如AWS)上为/etc/rc.d/rc.local.

To implement Option 3, add the following to your system init scripts. (/etc/rc.d/rc.local on RedHat based systems like AWS).

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000

这会将请求从端口80重定向到端口3000.

That will redirect requests from port 80 to port 3000.

这篇关于如何以非root用户身份运行node.js?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！