#node-userdown
It is not recommended to run application with root user permission specially in production. But most of the time, we need to bind apps into port 80, which requires root privileges.
- Fortunately, NodeJS has a
process.setuid
api to step down user priviledges. - Unfortunately, not most of the apps(frameworks) do not follow this api. So in that case we might need to use some other approach like port forwarding.
userdown
gives you another solution for that, which allows you to stepdown any NodeJS app. This does not use child_process
API and does not add any additional process overhead. Instead userdown
wrap http
module for get things done.
npm install userdown
userdown USERDOWN_UID=nobody USERDOWN_GID=nobody examples/port80server.js