Enabling the server to listen on privileged ports (Linux) - PingDirectory - 9.3

PingDirectory 9.3


For your convenience, enable the server to listen on privileged ports while running as a non-root user.

Linux systems have a mechanism called capabilities that is used to grant specific commands the ability to do things that are normally only allowed for a root account:

  • The setcap command assigns capabilities to an application.
  • The cap_net_bind_service capability enables a service to bind a socket to privileged ports (port numbers less than 1024).

  1. If Java is installed in /ds/java and the Java command to run the server is /ds/java/bin/java, you can grant the cap_net_bind_service capability to the Java binary with the following command:
    $ sudo setcap cap_net_bind_service=+eip /ds/java/bin/java
  2. Create the file /etc/ld.so.conf.d/libjli.conf with the path to the directory that contains the libjli.so file.

    The Java binary needs an additional shared library (libjli.so) that is part of the Java installation. Because the operating system imposes stricter limits on where it looks for shared libraries to load for commands that have capabilities assigned, you must also tell it where to find this library.

    For example, if the Java installation is in /ds/java, the contents of that file should be:
  3. To apply the changes, run the following command:
    $ sudo ldconfig -v
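
The three steps above as one script that also verifies each result. This is an added example, not part of the PingDirectory documentation: the function names are hypothetical, /ds/java is this page's example path, and the libjli.so directory is found by searching because its location differs between Java releases.

```sh
#!/bin/sh
# Added example: function names are hypothetical; /ds/java is this page's example path.
JAVA_HOME_DIR=${JAVA_HOME_DIR:-/ds/java}

# Print the directory that holds libjli.so (its location varies by Java release).
find_jli_dir() {
    lib=$(find "$1" -type f -name libjli.so 2>/dev/null | sort | head -n 1)
    [ -n "$lib" ] || return 1
    dirname "$lib"
}

# Succeed if one line of getcap output grants cap_net_bind_service as effective
# and permitted. Older libcap prints "file = cap+eip", newer prints "file cap=eip".
grants_bind_cap() {
    for word in $1; do
        case "$word" in
            *cap_net_bind_service*[+=]*)
                flags=${word##*[+=]}
                case "$flags" in *e*) ;; *) continue ;; esac
                case "$flags" in *p*) return 0 ;; esac ;;
        esac
    done
    return 1
}

# Succeed if "others" may execute the file: every account that can run a binary
# carrying this capability can bind ports below 1024 with its own Java code.
exec_by_others() {
    perm=$(ls -ld "$1" | cut -c10)
    case "$perm" in x|t) return 0 ;; esac
    return 1
}

# Steps 1-3 from this page, followed by verification of each result.
apply_page_steps() {
    java_bin=$JAVA_HOME_DIR/bin/java
    jli_dir=$(find_jli_dir "$JAVA_HOME_DIR") || { echo "libjli.so not found" >&2; return 1; }
    sudo setcap cap_net_bind_service=+eip "$java_bin" || return 1
    echo "$jli_dir" | sudo tee /etc/ld.so.conf.d/libjli.conf >/dev/null || return 1
    sudo ldconfig || return 1
    grants_bind_cap "$(getcap "$java_bin")" || { echo "capability not set" >&2; return 1; }
    ldconfig -p | grep -q libjli.so || { echo "libjli.so not in loader cache" >&2; return 1; }
    if exec_by_others "$java_bin"; then
        echo "warning: $java_bin is executable by all users" >&2
    fi
}

if [ "${1:-}" = "--apply" ]; then apply_page_steps; fi
```

Run the script with `--apply` to perform the steps; without it, the script only defines the functions. If the final check prints its message, restrict execute permission on the Java binary to the account that runs the server.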