Can I run Node.JS with low privileges?

Question

I would like to run node with a low privileges user, is it possible? I need to use the framework Express.js

Answer 1

Yes. There are many solutions available to do this, depending on your exact needs.

If you want to run node on port 80, you can use nginx (doesn't work with WebSockets yet) or haproxy. But perhaps the quickest and dirtiest is to use iptables to redirect port 80 to the port of your choice:

sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8003
sudo iptables -t nat -L

When you’re happy, then save the config and make sure iptables comes on at boot

sudo service iptables save
sudo chkconfig iptables on

To automatically start your nodejs service as non-root, and restart it if it fails, you can utilize upstart with a script like this:

#!upstart
description "nodeapp"
author      "you"

start on started mountall
stop on shutdown

# Automatically Respawn:
respawn
respawn limit 99 5

script
   export HOME="/home/user/"
   exec sudo -u user /usr/local/bin/node /home/user/app.js 2>&1 >> /home/user/app.log
end script

If you're on an Amazon EC2 installation, or you get an error that says sudo: sorry, you must have a tty to run sudo, then you can replace your exec command with this:

#!upstart
description "nodeapp"
author      "you"

start on started mountall
stop on shutdown

# Automatically Respawn:
respawn
respawn limit 99 5

script
   export HOME="/home/user/"
   #amazon EC2 doesn’t allow sudo from script! so use su --session-command
   exec su --session-command="/usr/local/bin/node /home/user/app.js 2>&1 >> /home/user/app.log" user &
end script

And, you didn't ask this question, but to keep it running forever, check out monit! Here is a useful guide to setting up node.js with upstart and monit.