5

I'm trying to run a veery simple hello world aspnetcore application inside a docker image (that inherits from microsoft/aspnetcore) with non-root user and I'm getting this error:

crit: Microsoft.AspNetCore.Server.Kestrel[0] Unable to start Kestrel. System.AggregateException: One or more errors occurred. (Error -13 EACCES permission denied) ---> Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.UvException: Error -13 EACCES permission denied at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.Libuv.ThrowError(Int32 statusCode) at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.Libuv.tcp_bind(UvTcpHandle handle, SockAddr& addr, Int32 flags) at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.UvTcpHandle.Bind(ServerAddress address) at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.TcpListenerPrimary.CreateListenSocket() at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.Listener.b__8_0(Object state) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.ListenerPrimary.d__12.MoveNext() --- End of inner exception stack trace --- at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken) at Microsoft.AspNetCore.Server.Kestrel.Internal.KestrelEngine.CreateServer(ServerAddress address) at Microsoft.AspNetCore.Server.Kestrel.KestrelServer.Start[TContext](IHttpApplication`1 application) ---> (Inner Exception #0) Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.UvException: Error -13 EACCES permission denied at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.Libuv.ThrowError(Int32 statusCode) at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.Libuv.tcp_bind(UvTcpHandle handle, SockAddr& addr, Int32 flags) at Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.UvTcpHandle.Bind(ServerAddress address) at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.TcpListenerPrimary.CreateListenSocket() at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.Listener.b__8_0(Object state) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.ListenerPrimary.d__12.MoveNext()<---

It seems that aspnetcore could not be run without root permissions, and in some scenarios with very restricted security policies root user is not allow to run the main process of a docker image.

Is it any way to run aspnetcore application in linux with non-root user?

Sudo option is not valid becuase the same security policy.

Thanks,

Improve this question

1 Answer 1

Reset to default
4

Finally the problem was that I was trying to use port 80 for binding my app. If you use higher ports, ie, 5000. There are no problems with permissions.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

That's how Linux work. For all ports <= 1024, you require root to bind to
On a side note, you should never run ASP.NET Core on port 80, since that's the port used by most webservers as default port. The question suggests you may try to directly expose the ASP.NET Core app to the internet. Don't do that Kestrel (for now) isn't supposed to act as internet facing server and is always to be run behind reverse proxy (apache, nginx, iis), only exception is WebListener which is approved for IFS, but it's windows-only
Hello can you share docker file how you have created non root user. I was not able to run container without root user though non root user is there still running as root

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.