It's very annoying to have this limitation on my development box, when there won't ever be any users other than me.
I'm aware of the standard workarounds, but none of them do exactly what I want:
Okay, thanks to the people who pointed out the capabilities system and
CAP_NET_BIND_SERVICE capability. If you have a recent kernel, it is indeed possible to use this to start a service as non-root but bind low ports. The short answer is that you do:
setcap 'cap_net_bind_service=+ep' /path/to/program
And then anytime
program is executed thereafter it will have the
setcap is in the debian package
Now for the caveats:
programthat has elevated privileges like
suid. So if your
programuses its own
.../lib/, you might have to look into another option like port forwarding.
Note: RHEL first added this in v6.