Page created: 26 Jul 2021 |
Page updated: 14 Jan 2022
For your convenience, enable the server to listen on privileged ports while running as a non-root user.
Linux systems have a mechanism called capabilities that is used to grant specific commands the ability to do things that are normally only allowed for a root account:
- The setcap command assigns capabilities to an application.
- The cap_net_bind_service capability enables a service to bind a socket to privileged ports (port numbers less than 1024).
If Java is installed in /ds/java (and the Java command to run
the server is /ds/java/bin/java), you can grant the
cap_net_bind_service capability to the Java binary with the
$ sudo setcap cap_net_bind_service=+eip /ds/java/bin/java
Create the file /etc/ld.so.conf.d/libjli.conf with the path to
the directory that contains the libjli.so file.
The java binary needs an additional shared library (libjli.so) as part of the Java installation. Because this process imposes stricter limits on where the operating system looks for shared libraries to load for commands that have capabilities assigned, it is also necessary to tell the operating system where to look for this library.For example, if the Java installation is in /ds/java, the contents of that file should be:
To apply the changes, run the following command.
$ sudo ldconfig -v