Configuring Services to Use Privileged Ports (Below 1024)
- Creating a systemd override file
Open the service configuration override file:
sudo systemctl edit opensearch-dashboards.service
- Add the following configuration
In the editor, insert the following block:
[Service]
# Grant capability to use ports below 1024
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
# Disable PrivateUsers; otherwise the capability won't work
PrivateUsers=false
Please note! If PrivateUsers=true (enabled by default for security), the capability won't be applied. Therefore it must be disabled.
These parameters allow a non-root process to bind to ports below 1024.
- Apply changes and restart the service
sudo systemctl daemon-reexec
sudo systemctl daemon-reload
sudo systemctl restart opensearch-dashboards.service
- Verification
Check the service status and verify it's listening on the desired port (e.g. 443):
sudo systemctl status opensearch-dashboards.service
sudo ss -tuln | grep :443
If configured correctly, you'll see an entry indicating the port is actively listening.
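A listening socket shows the result, but not which setting produced it. The script below is an added example, not part of the original procedure: it reads the capability masks from /proc/<pid>/status and reports which sets lack CAP_NET_BIND_SERVICE. The function names and sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: check that a service process
# really holds CAP_NET_BIND_SERVICE (capability bit 10) after the override.

# has_net_bind HEXMASK: succeeds if bit 10 is set in a hex capability mask.
has_net_bind() {
    [ -n "$1" ] || return 1
    [ $(( (0x$1 >> 10) & 1 )) -eq 1 ]
}

# cap_field NAME: /proc/<pid>/status text on stdin, prints NAME's hex mask.
cap_field() {
    awk -v f="$1:" '$1 == f { print $2 }'
}

# missing_sets: status text on stdin; prints the sets lacking the capability
# (empty output means bounding, ambient and effective sets all carry it).
missing_sets() {
    status=$(cat)
    out=""
    for f in CapBnd CapAmb CapEff; do
        mask=$(printf '%s\n' "$status" | cap_field "$f")
        has_net_bind "$mask" || out="$out $f"
    done
    printf '%s\n' "${out# }"
}

# Constructed sample data (not captured from a real host).
GOOD_STATUS='CapBnd: 0000000000000400
CapAmb: 0000000000000400
CapEff: 0000000000000400'
BAD_STATUS='CapBnd: 000001ffffffffff
CapAmb: 0000000000000000
CapEff: 0000000000000000'

# Live check, run only when a unit name is passed as the first argument.
if [ -n "${1:-}" ]; then
    systemctl show -p PrivateUsers "$1"        # expect PrivateUsers=no
    pid=$(systemctl show -p MainPID --value "$1")
    [ "$pid" -gt 0 ] || { echo "$1 is not running"; exit 1; }
    miss=$(missing_sets < "/proc/$pid/status")
    if [ -z "$miss" ]; then echo "CAP_NET_BIND_SERVICE present"
    else echo "CAP_NET_BIND_SERVICE missing from: $miss"; exit 1; fi
fi
```

Run it with the unit name as the only argument, for example opensearch-dashboards.service, after the restart step.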