DynamicUser, the processes user and group are allocated a
UID/GID between 61184 and 65519. For a non-root process (UID/GID 1) on linux to
open ports below 1024 it needs to have the
capability, which is usually not present in the execution
environment. Luckily systemd allows to add capabilites using
AmbientCapabilites to the capablity set.
[Service] AmbientCapabilities=CAP_NET_BIND_SERVICE DynamicUser=true