5.11. Why can't I start a service that runs on a privileged port as root?

Services that run a privileged port (those below 1024) require the CAP_NET_BIND_SERVICE capability in order to bind to the port. If you have disabled this capability globally in the /etc/lids/lids.cap file, you must either grant the program that capability

bash# lidsconf -A -s /usr/local/bin/apache -o CAP_NET_BIND_SERVICE 80 -j GRANT

or, start the service when LIDS_GLOBAL is disabled.