When using DynamicUser=, the process's user and group are allocated a UID/GID between 61184 and 65519. For a non-root process (any UID/GID >= 1) on Linux to open ports below 1024 it needs the CAP_NET_BIND_SERVICE capability, which is usually not present in the execution environment. systemd allows adding capabilities to the process's ambient capability set with AmbientCapabilities=:

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
DynamicUser=true
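As an added example (not part of the original note), the fragment above expanded into a complete unit that pairs DynamicUser= with AmbientCapabilities=, together with two small checks a defender can run: one lints a unit file for the capability it grants, the other decodes the CapAmb mask that /proc/<pid>/status prints so you can confirm the running process actually received the capability and nothing more. The service name, the binary path /usr/local/bin/example-web and its --listen flag are assumptions; the capability bit number 10 for CAP_NET_BIND_SERVICE is the kernel's value.

```shell
#!/bin/sh
# Added example, not from the original page or the systemd project.
# Hypothetical service: binds port 80 as a dynamic user, with only the one
# capability it needs in both the ambient set and the bounding set.
write_example_unit() {
    # $1 = path to write the unit file to
    cat > "$1" <<'EOF'
[Unit]
Description=Example web service on port 80 (hypothetical)

[Service]
# Hypothetical binary and flag; the binary itself needs no privilege logic.
ExecStart=/usr/local/bin/example-web --listen 0.0.0.0:80
DynamicUser=true
# Ambient set: what the process starts with, surviving the non-root execve.
AmbientCapabilities=CAP_NET_BIND_SERVICE
# Bounding set: cap the maximum, so no other capability can ever be acquired.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
EOF
}

# Lint check: does the unit file grant capability $2 via AmbientCapabilities=?
# Values on that line are space separated, so split them and match whole words.
unit_grants_cap() {
    sed -n 's/^AmbientCapabilities=//p' "$1" | tr ' ' '\n' | grep -qx "$2"
}

# Runtime check: decode a hex capability mask as printed by
# "grep CapAmb /proc/<pid>/status" and test whether bit $2 is set.
# CAP_NET_BIND_SERVICE is capability number 10 in the Linux kernel.
CAP_NET_BIND_SERVICE_BIT=10
cap_in_mask() {
    [ "$(( 0x$1 >> $2 & 1 ))" -eq 1 ]
}

# Stand-alone demo: write the unit to a temp file and lint it.
# On a live host you would follow up with
#   pid=$(systemctl show -p MainPID --value example-web.service)
#   mask=$(awk '/^CapAmb:/ {print $2}' /proc/$pid/status)
#   cap_in_mask "$mask" "$CAP_NET_BIND_SERVICE_BIT" && echo "ambient cap present"
unit=$(mktemp) && write_example_unit "$unit"
if unit_grants_cap "$unit" CAP_NET_BIND_SERVICE; then
    echo "unit grants CAP_NET_BIND_SERVICE to the dynamic user"
fi
rm -f "$unit"
```

The bounding-set line is the part people forget: AmbientCapabilities= alone makes the process start with the capability, but without CapabilityBoundingSet= the unit still permits every other capability in principle, and a review of the CapAmb and CapBnd masks in /proc/<pid>/status is the quickest way to see which of the two the running service actually ended up with.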