我试图用非root用户在docker映像(继承自microsoft/aspnetcore)内运行一个veery简单的hello world aspnetcore应用程序,并且出现此错误:Aspnetcode与非root用户在Linux中运行
crit: Microsoft.AspNetCore.Server.Kestrel[0] Unable to start Kestrel. System.AggregateException: One or more errors occurred. (Error -13 EACCES permission denied) ---> Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.UvException: Error -13 EACCES permission denied at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.Libuv.ThrowError(Int32 statusCode) at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.Libuv.tcp_bind(UvTcpHandle handle, SockAddr& addr, Int32 flags) at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.UvTcpHandle.Bind(ServerAddress address) at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.TcpListenerPrimary.CreateListenSocket() at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.Listener.b__8_0(Object state) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.ListenerPrimary.d__12.MoveNext() --- End of inner exception stack trace --- at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken) at Microsoft.AspNetCore.Server.Kestrel.Internal.KestrelEngine.CreateServer(ServerAddress address) at Microsoft.AspNetCore.Server.Kestrel.KestrelServer.Start[TContext](IHttpApplication`1 application) ---> (Inner Exception #0) Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.UvException: Error -13 EACCES permission denied at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.Libuv.ThrowError(Int32 statusCode) at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.Libuv.tcp_bind(UvTcpHandle handle, SockAddr& addr, Int32 flags) at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.UvTcpHandle.Bind(ServerAddress address) at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.TcpListenerPrimary.CreateListenSocket() at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.Listener.b__8_0(Object state) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.ListenerPrimary.d__12.MoveNext()<---
似乎aspnetcore不能没有root权限运行,而且在某些情况下具有非常有限的安全策略root用户不允许运行泊坞窗图像的主要过程。
是否有任何方式在非root用户的Linux中运行aspnetcore应用程序?
由于相同的安全策略,Sudo选项无效。
谢谢,
这就是Linux的工作原理。对于所有端口<= 1024,您需要root绑定到 – Tseng
在附注上,您绝不应该在端口80上运行ASP.NET Core,因为这是大多数Web服务器用作默认端口的端口。这个问题表明你可能会尝试直接将ASP.NET Core应用程序暴露给互联网。 **不要这样做** Kestrel(现在)不应该作为面向互联网的服务器,并且总是在反向代理(apache,nginx,iis)之后运行,唯一的例外是WebListener被批准用于IFS ,但它仅限于Windows – Tseng