It might be convenient to enable the server to listen on privileged ports while running as a non-root user.

The setcap command assigns capabilities to an application. The cap_net_bind_ service capability enables a service to bind a socket to privileged ports (port numbers less than 1024). If Java is installed in /ds/java (and the Java command to run the server is /ds/java/bin/java), the Java binary can be granted the cap_net_bind_service capability with the following command.

$ sudo setcap cap_net_bind_service=+eip /ds/java/bin/java

The Java binary needs an additional shared library, such as, as part of the Java installation. More strict limitations are imposed on where the operating system will look for shared libraries to load for commands that have capabilities assigned. So it is also necessary to tell the operating system where to look for this library. This can be done by creating the file /etc/ with the path to the directory that contains the file. For example, if the Java installation is in /ds/java, the contents of that file should be as follows.


Run the following command for the change to take effect.

$ sudo ldconfig -v