Enabling the server to listen on privileged ports (Linux)
For your convenience, enable the server to listen on privileged ports while running as a non-root user.
About this task
Linux systems have a mechanism called capabilities that is used to grant specific commands the ability to do things that are normally only allowed for a root account:
- The setcap command assigns capabilities to an application.
- The cap_net_bind_service capability enables a service to bind a socket to privileged ports (port numbers less than 1024).
Steps
- If Java is installed in /ds/java and the Java command to run the server is /ds/java/bin/java, you can grant the cap_net_bind_service capability to the Java binary with the following command:
  $ sudo setcap cap_net_bind_service=+eip /ds/java/bin/java
- Create the file /etc/ld.so.conf.d/libjli.conf with the path to the directory that contains the libjli.so file.
  The Java binary needs an additional shared library (libjli.so) as part of the Java installation. Because the operating system imposes stricter limits on where it looks for shared libraries to load for commands that have capabilities assigned, it is also necessary to tell the operating system where to look for this library.
  For example, if the Java installation is in /ds/java, the contents of that file should be:
  /ds/java/lib/amd64/jli
- To apply the changes, run the following command:
  $ sudo ldconfig -v
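
To confirm the result of the three steps, the following read-only check is an added example and not part of the product or its documentation. The function names and script name are hypothetical, and it searches for libjli.so under the Java home rather than assuming lib/amd64/jli, because the location differs between Java versions.

```shell
#!/bin/sh
# Added example, not product code: read-only check of the three steps above.
# Function names are hypothetical; getcap and ldconfig are the standard tools.

# Print the directory under a Java home that holds libjli.so.
find_jli_dir() {
    lib=$(find "$1" -name libjli.so 2>/dev/null | head -n 1)
    [ -n "$lib" ] || return 1
    dirname "$lib"
}

# Succeed if one line of getcap output grants cap_net_bind_service with the
# effective (e) and permitted (p) flags. Accepts both "= cap+eip" and "cap=eip"
# output styles; assumes a single capability clause on the line.
has_bind_cap() {
    case "$1" in *cap_net_bind_service*) ;; *) return 1 ;; esac
    flags=${1##*[+=]}
    case "$flags" in *e*) ;; *) return 1 ;; esac
    case "$flags" in *p*) ;; *) return 1 ;; esac
}

# Succeed if the ld.so.conf.d file ($1) has a line exactly equal to the directory ($2).
conf_lists_dir() {
    grep -Fxq -- "$2" "$1" 2>/dev/null
}

# Run all checks for a Java home ($1) and an optional conf file path ($2).
check_setup() {
    java_home=$1
    conf=${2:-/etc/ld.so.conf.d/libjli.conf}
    rc=0
    caps=$(getcap "$java_home/bin/java" 2>/dev/null)
    has_bind_cap "$caps" || { echo "FAIL: capability missing on $java_home/bin/java"; rc=1; }
    jli=$(find_jli_dir "$java_home") || { echo "FAIL: no libjli.so under $java_home"; return 1; }
    conf_lists_dir "$conf" "$jli" || { echo "FAIL: $conf does not list $jli"; rc=1; }
    ldconfig -p | grep -q 'libjli\.so' || { echo "FAIL: libjli.so not in ld.so cache"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: capability and library path are in place"
    return "$rc"
}

# Usage: sh check_bind_setup.sh /ds/java
if [ "$#" -gt 0 ]; then check_setup "$@"; fi
```

Because the capability is attached to the file, every account that can execute /ds/java/bin/java can bind privileged ports with it, so review who has execute permission on that binary.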