Another option is perhaps using suid to let those processes spawn on whatever ports while limiting permissions outside those scripts. In other words, suexec within the Unix/Linux OS: http://www.howtoforge.com/linux_setting_suid_sgid_bits Posted at Nginx Forum: http://forum.nginx.org/read.php?2,120297,120474#msg-120474