EC
EPERM
Linux / POSIXERRORCommonPermissionsHIGH confidence

Operation Not Permitted

Production Risk

Binding to privileged ports requires root or a capability grant. Ensure deployment scripts account for this.

What this means

The process does not have sufficient privileges to perform the requested operation. This is returned when a non-root process attempts an action that requires superuser capabilities, such as changing file ownership or binding to a privileged port.

Why it happens
  1. 1A non-root process tries to bind to a port below 1024.
  2. 2A process attempts to change file ownership without CAP_CHOWN capability.
  3. 3A process tries to set a signal handler for SIGKILL or SIGSTOP.
  4. 4A process attempts to write to a file protected by the immutable flag.
How to reproduce

Running a server that binds to port 80 without root privileges.

trigger — this will error
trigger — this will error
// Node.js: binding to privileged port without root
const net = require("net");
net.createServer().listen(80);

expected output

Error: listen EACCES: permission denied 0.0.0.0:80
  errno: -13, code: EACCES, syscall: bind

Fix

Use a non-privileged port or run with elevated capabilities

WHEN When binding a server to a port below 1024

Use a non-privileged port or run with elevated capabilities
// Option 1: use a high port
net.createServer().listen(8080);

// Option 2: grant capability without full root
// sudo setcap cap_net_bind_service=+ep /usr/bin/node

Why this works

Ports above 1023 do not require elevated privileges on Linux.

What not to do

Run the entire application as root to bypass this error

Running as root greatly expands the blast radius of any security vulnerability in your code.

Sources
Official documentation ↗

Linux Programmer Manual errno(3)

Linux capabilities

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

← All Linux / POSIX errors