systemd: allow normal process to bind to privileged port

Posted on 2017-06-23

Sometimes services are started by systemd with privileges already dropped; for example, inspircd.service starts as the irc user.

Such services usually cannot bind to privileged ports (< 1024). In this case, though, I needed it to listen on port 443 (in addition to some high port) to allow users behind “strange” firewall configurations to connect to the server.

The solution is to add the following to the service (for example by running systemctl edit inspircd.service):

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
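
To confirm after a restart that the service received this one capability and nothing broader, its capability masks can be read from /proc. The script below is an added example, not part of the original post; the function names, the script name and the sample status text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a unit's main process holds CAP_NET_BIND_SERVICE and nothing else.
NET_BIND_BIT=10   # CAP_NET_BIND_SERVICE is capability number 10 in linux/capability.h

# Constructed sample of /proc/<pid>/status lines for a non-root service (not captured output).
SAMPLE_STATUS='Name:   inspircd
Uid:    996 996 996 996
CapPrm: 0000000000000400
CapEff: 0000000000000400
CapAmb: 0000000000000400'

# cap_field STATUS_TEXT FIELD: print the hex mask of one Cap* line, e.g. CapEff.
cap_field() {
    printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { print $2 }'
}

# has_net_bind HEXMASK: succeed if bit 10 is set in the mask.
has_net_bind() {
    [ $(( (0x$1 >> $NET_BIND_BIT) & 1 )) -eq 1 ]
}

# only_net_bind HEXMASK: succeed if bit 10 is the only bit set.
only_net_bind() {
    [ $(( 0x$1 )) -eq $(( 1 << $NET_BIND_BIT )) ]
}

# check_status STATUS_TEXT: print a verdict based on the effective capability set.
check_status() {
    eff=$(cap_field "$1" CapEff)
    amb=$(cap_field "$1" CapAmb)
    if [ -z "$eff" ] || [ -z "$amb" ]; then echo "no-cap-fields"; return 2; fi
    if ! has_net_bind "$eff"; then echo "missing"; return 1; fi
    if ! only_net_bind "$eff"; then echo "extra-capabilities"; return 1; fi
    echo "ok"
}

# Usage: sh capcheck.sh inspircd.service   (script name is hypothetical)
if [ $# -gt 0 ]; then
    pid=$(systemctl show -p MainPID --value "$1")
    check_status "$(cat "/proc/$pid/status")"
fi
```

A verdict of "extra-capabilities" usually means the process still runs as root or was granted more than the single capability it needs.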

Last content change: 2017-06-23 18:52