Skip to content

Relinquish Process Privileges in Node.js

View on Twitter

💡 Running Node.js as root so you can bind to ports 80/443?

👉🏼 You can relinquish privileges with "process.setuid()" & "process.setguid()" to reduce the damage potential in case of a breach. Do this right after the app starts.

Inside the callback function for server.listen, change process user with process.setuid('nodejs') and process.setguid('nodejs') to relinquish privileges and reduce damage potential in case of a breach.

Download the VPS Security Cheatsheet

Use this FREE security cheatsheet to not miss a step when securing your VPS.

A preview of the VPS Security Cheatsheet.

You'll also get tips on building scalable Node.js applications about twice a month. I respect your email privacy. Unsubscribe any time.

You might also like
Add Public Key to Server With ssh-copy-id Read tip
Convert cURL to JavaScript Fetch Read tip
Secure Your VPS: Enable Automatic Updates Read tip