Relinquish Process Privileges in Node.js

View on Twitter

💡 Running Node.js as root so you can bind to ports 80/443?

👉🏼 You can relinquish privileges with "process.setuid()" & "process.setguid()" to reduce the damage potential in case of a breach. Do this right after the app starts.

Inside the callback function for server.listen, change process user with process.setuid('nodejs') and process.setguid('nodejs') to relinquish privileges and reduce damage potential in case of a breach.

A preview of the VPS Security Cheatsheet.

Download the VPS Security Cheatsheet

No spam! 🙅🏻‍♀️ Unsubscribe at any time.