Skip to main content
Version: 5.0

Configuring Services to Use Privileged Ports (Below 1024)

  1. Creating a systemd override file

Open the service configuration override file:

sudo systemctl edit opensearch-dashboards.service
  1. Add the following configuration

In the editor, insert the following block:

[Service]
# Grant capability to use ports below 1024
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE

# Disable PrivateUsers otherwise capability won't work
PrivateUsers=false
Please note!

If PrivateUsers=true (enabled by default for security), the capability won't be applied. Therefore it must be disabled.

These parameters allow a non-root process to bind to ports below 1024.

  1. Apply changes and restart the service
sudo systemctl daemon-reexec
sudo systemctl daemon-reload
sudo systemctl restart opensearch-dashboards.service
  1. Verification

Check the service status and verify it's listening on the desired port (e.g. 443):

sudo systemctl status opensearch-dashboards.service
sudo ss -tuln | grep :443

If configured correctly, you'll see an entry indicating the port is actively listening.