If you want to have a python webserver running locally and listening on port 80 – or any other port < 1024, you can do it like this:
$ sudo setcap 'cap_net_bind_service=+ep' /usr/bin/python3.8
This gives the /usr/bin/python3.8
binary the ability to bind to privileged ports without being root. Note that this only works for real files, not symlinks, so this will probably not work, as python
is generally a symlink:
$ sudo setcap 'cap_net_bind_service=+ep' $(which python)`
I wanted this so that the invoke livereload
thing for this blog, could take over from Nginx for local development, giving me incremental live rebuilding & reloading while editing. This happens to use tornado underneath, which is a Python webserver.
Removing Capabilities
If you want to undo this, you do this:
# to remove just that one capability, use -ep
$ sudo setcap 'cap_net_bind_service=-ep' /usr/bin/python3.8
# to see that capabilities on a file
$ getcap /usr/bin/python3.8
# to remove all of them
$ sudo setcap -r /usr/bin/python3.8