- Then, as of kernel version 4.11, you can set where the non-privileged ports start, like "sysctl net.ipv4.ip_unprivileged_port_start=0" Somewhat helpful in that you could have them start above things like sshd (22), but below port 80. Still not great for multi-tenant, etc, though.
- CAP_NET_BIND_SERVICE - Assigned to an executable, doesn't work for scripts, etc.
- Workarounds like authbind (https://en.wikipedia.org/wiki/Authbind)
- Then, as of kernel version 4.11, you can set where the non-privileged ports start, like "sysctl net.ipv4.ip_unprivileged_port_start=0" Somewhat helpful in that you could have them start above things like sshd (22), but below port 80. Still not great for multi-tenant, etc, though.