How to allow a Docker container to bind a privileged port as another user?

Question

I have a docker-compose.yaml file where I override the user that is used to run the container process using the user directive:

version: "3.3"
services:
    front:
        image: "ghcr.io/hexil-org/hexer-front:latest"
        restart: "unless-stopped"
        user: "1002:1002"

In the container, a webserver needs to be opened on port 80, however, this fails with the following error:

httpd: bind: Permission denied

From what I understand, this fails because 80 is a privileged port that cannot be opened by a user other than root. Is there any way to allow the user in the Docker container to open port 80?

score 0 · Accepted Answer · answered Aug 21 '22 at 22:30

0

You can change the value of the net.ipv4.ip_unprivileged_port_start sysctl so that the container user is able to bind port 80. You would modify your docker-compose.yml file like this:

version: "3.3"
services:
  front:
    image: "ghcr.io/hexil-org/hexer-front:latest"
    restart: "unless-stopped"
    user: "1002:1002"
    sysctl:
      net.ipv4.ip_unprivileged_port_start: 0

This will allow an unprivileged process to bind to all low numbered ports.

answered Aug 21 '22 at 22:30

larsks

41,276
13
117
170

This should also be set by default in Docker, so the OP may just need to upgrade. – BMitch Aug 22 '22 at 00:40
Thank you, this worked for me after upgrading my kernel from 3.10 to 5.4. – Xxmarijnw Aug 22 '22 at 17:04

How to allow a Docker container to bind a privileged port as another user?

1 Answers1