Nginx: bind() to 0.0.0.0:80 failed (13: Permission denied)

Requirement is to start NGinx other than root user

  1. Added entry tp /etc/sudoers for specific user as below:
    gvp ALL=(ALL) NOPASSWD: ALL

  2. Tried starting NGinx as gvp user, below error thrown:
    nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

  3. Some blog says:
    https://www.ruby-forum.com/topic/201522
    you have to start it as root, users don’t have privs to open ports below
    1024

What is the solution here pls.?

Best regards,
Maddy

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,264319,264319#msg-264319

smsmaddy1981 [email protected] [2016-02-04 00:03]:

Requirement is to start NGinx other than root user

  1. Added entry tp /etc/sudoers for specific user as below:
    gvp ALL=(ALL) NOPASSWD: ALL

  2. Tried starting NGinx as gvp user, below error thrown:
    nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

As user gvp, do you run

sudo /etc/init.d/nginx start

or

     /etc/init.d/nginx start

?

The former works, at least for me.


Lukas Ruf http://www.lpr.ch | Ad Personam
Consecom http://www.consecom.com | Ad Laborem

Hi Lukas,
as below:

[[email protected] (TEST1) /var/gvp/Nginx/nginx-1.8.0/sbin] ./nginx
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

Best regards,
Maddy

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,264319,264338#msg-264338

Hi Maddy,

Op 4-2-2016 om 13:31 schreef smsmaddy1981:

[[email protected] (TEST1) /var/gvp/Nginx/nginx-1.8.0/sbin] ./nginx
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
You edited the sudoers file to allow gvp to run programs as root.
In order to do so, you have to put “sudo” in front of the command, which
stands for “do as super user”.

In this case, your line would’ve been instead:

[[email protected] (TEST1) /var/gvp/Nginx/nginx-1.8.0/sbin] sudo ./nginx

As a side-note, allowing every single program to be run as superuser
without the necessity of a password can pose a big security threat if
your account is ever compromised.

Kind regards,

Danil

Hi Maddy,

In Linux (and most other Unix based systems) ports below 1024 need to be
opened using the root user. So you need to start NGINX as root which
will open the port and then drop down to an unprivileged user for the
port.

Kind Regards
Andrew

On 04/02/16 12:31, smsmaddy1981 wrote:

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,264319,264338#msg-264338


nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx


Andrew H. (LinuxJedi)
Technical Product Manager, NGINX Inc.

@Daniel,
You were true on the side-note, sudo prefixed command for NGinx actions
will
cause an serious threat. I missed the note…

@Andrew
also stated “In Linux (and most other Unix based systems) ports below
1024
need to be opened using the root user. So you need to start NGINX as
root
which will open the port and then drop down to an unprivileged user for
the
port.”

Is there a way to achieve this?

I am not sure, if the below is relevant?
http://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-1024-on-l

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,264319,264365#msg-264365

also stated “In Linux (and most other Unix based systems) ports below 1024
need to be opened using the root user. So you need to start NGINX as root
which will open the port and then drop down to an unprivileged user for the
port.”

Is there a way to achieve this?

Configure the user directive so that the workers run unprivileged:
http://nginx.org/r/user

Thanks Andrew, Daniel…

I am able to restart NGinx as gvp user now with the suggested command:

sudo ./nginx
sudo ./nginx -s stop
sudo ./nginx -s reload

Thanks for supporting here.

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,264319,264347#msg-264347

Hi Lukas,
Any other reference on the user directive usage please?

Best Regards,
Maddy

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,264319,264450#msg-264450

As you’re using a ‘privileged’ port ( ie one with a value lower than
approx 1000 ), the process needs to be run by a superuser. You can set
it up through sudo to reduce the risk for an ordinary user.

On 02/13/2016 07:22 AM, smsmaddy1981 wrote:

Any other feasibility to achieve restart of Nginx from user other than root?

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,264319,264498#msg-264498


nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx


Steve H. BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa

Any other feasibility to achieve restart of Nginx from user other than
root?

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,264319,264498#msg-264498

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs