After upgrading DX NetOps Spectrum to version 25.4.5, the SpectroSERVER binary ownership has changed to root (e.g., -rwsr-x--- 1 root spectrum). 

During the upgrade process, the Spectrum installer attempts to use the Linux setcap utility to grant the SpectroSERVER binary specific network capabilities (cap_net_raw and cap_net_bind_service). If the setcap utility (provided by the libcap or libcap-progs package) is missing from the operating system, the installer reverts the binary ownership to root with the setuid bit enabled to ensure it has the necessary permissions to function.

To return the ownership to the spectrum user and properly configure Linux capabilities, follow these steps:

1. Install the missing capability package Identify and install the package providing the setcap command for your Linux distribution:

   • RHEL / Rocky : yum install libcap
   • SLES (Suse)   : zypper install libcap-progs

2. Stop the Spectrum services Log in as the root user or use sudo to stop the processd service:

   systemctl stop processd

3. Revert binary ownership Change the ownership of the SpectroSERVER binary back to the spectrum user and group:

   chown spectrum:spectrum $SPECROOT/SS/SpectroSERVER

   (Note: Replace $SPECROOT with your actual Spectrum installation directory, e.g., /usr/Spectrum).

4. Manually assign Linux capabilities Run the following commands as the root user to grant the required capabilities to the Spectrum binaries:

   /usr/sbin/setcap cap_net_raw,cap_net_bind_service+ep $SPECROOT/SS/SpectroSERVER
   /usr/sbin/setcap cap_setuid+ep $SPECROOT/bin/launchinstdbapp
   /usr/sbin/setcap cap_sys_ptrace+ep $SPECROOT/bin/gdb

5. Verify the capabilities Confirm the capabilities are correctly assigned using the getcap command:

    

   getcap $SPECROOT/SS/SpectroSERVER

   The output should include: $SPECROOT/SS/SpectroSERVER = cap_net_bind_service,cap_net_raw+ep

6. Restart the Spectrum services Start the processd service and then start the SpectroSERVER:

    

   systemctl start processd