Cheat Sheet logoCheat Sheet Today
Linux systemd Service Files Cheat Sheet/Limit Linux capabilities

Reduce privilege scope.

Back to sheetBrowse commands
Sign in to save
Section: Restart Policy, Types, Hardening

Limit Linux capabilities

ini
ini
[Service]
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
Explanation

Useful when binding privileged ports without full root access.

View in sheet →

Learn the surrounding workflow

Compare similar commands or jump into common fixes when this command is part of a bigger troubleshooting path.

Compare commandsView fixes

Related commands

Same sheet · prioritizing Restart Policy, Types, Hardening
Restart on failure
Automatic restart policy.
OpenIn sheetinisame section
One-shot service type
Configure a one-time task service.
OpenIn sheetinisame section
Use Type=notify
Service signals readiness to systemd.
OpenIn sheetinisame section
Basic sandboxing example
Apply a few common hardening options.
OpenIn sheetinisame section
Evaluate unit hardening
Score a custom service for security posture.
OpenIn sheetbashsame section
Create custom service file
Open a new service file under /etc/systemd/system.
OpenIn sheetbash1 tag match