Running python webservers on port 80 without root

If you want to have a python webserver running locally and listening on port 80 – or any other port < 1024, you can do it like this:

$ sudo setcap 'cap_net_bind_service=+ep' /usr/bin/python3.8

This gives the /usr/bin/python3.8 binary the ability to bind to privileged ports without being root. Not that this only works for real files, not symlinks, so sudo setcap 'cap_net_bind_service=+ep' $(which python) will probably not work.

I wanted this so that the invoke livereload thing for this blog, could take over from Nginx for local development, giving me incremental live rebuilding & reloading while editing. This happens to use tornado underneath, which is a Python webserver.


Related Posts