Running python webservers on port 80 without root

If you want to have a python webserver running locally and listening on port 80 – or any other port < 1024, you can do it like this:

$ sudo setcap 'cap_net_bind_service=+ep' /usr/bin/python3.8

This gives the /usr/bin/python3.8 binary the ability to bind to privileged ports without being root. Note that this only works for real files, not symlinks, so this will probably not work, as python is generally a symlink:

$ sudo setcap 'cap_net_bind_service=+ep' $(which python)`

I wanted this so that the invoke livereload thing for this blog, could take over from Nginx for local development, giving me incremental live rebuilding & reloading while editing. This happens to use tornado underneath, which is a Python webserver.

Removing Capabilities

If you want to undo this, you do this:

# to remove just that one capability, use -ep
$ sudo setcap 'cap_net_bind_service=-ep' /usr/bin/python3.8

# to see that capabilities on a file
$ getcap  /usr/bin/python3.8

# to remove all of them
$ sudo setcap -r /usr/bin/python3.8

References

The Python Black formatter outputs to stderr, not stdout: The Python Black formatter outputs to stderr, not stdout
Debugging with an existing browser instance, or Brave in VSCode: How to use an existing instance of a browser to debug in VSCode - instead of always launching a new one, or use debug in Brave.
Using git hashes in Vite & VueJS: How to use git hashes - or other environment variables in Vite & Vue 3
Fixing apt: Key is stored in legacy trusted.gpg keyring Warnings: How apy keys work, what .source files are and how to fix Key is stored in legacy trusted.gpg keyring Warnings

Running python webservers on port 80 without root

Tags:

Removing Capabilities

References

Related Posts