There is already a process and there are several tools for delegating superuser access to a non-superuser account in specific circumstances, and protecting against misuse of same. Research things like the sudo tool, chroot jails, etc. Makes much more sense to me than hacking around in the kernel.
John > -----Original Message----- > From: Vy Ho [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 06, 2002 11:12 AM > To: Tomcat Users List > Subject: RE: Why run tomcat as root > > > > > Very good point, but what if the administrator him/herself grand this > access to this particular user? Linux and Unix is all about > flexibility > right? Yes, kernel would be to be changed. But I thought I > already have > that, and if it's not, then it's worth a change, versus thousands and > thousands of developers has to work around it (take it millions). > > > > On Thu, 5 Dec 2002, Turner, John wrote: > > > > > Switching UNIX/Linux to allow non-privileged users to bind > to privileged > > ports would require fairly major modifications to the > kernel. There's no > > runtime parameter that can be set to magically allow > regular user accounts > > to bind to a privileged port. > > > > Let's remember that the privileged port restriction is > there for a reason, a > > very valid reason. Would you really want just any user on > your server to be > > able to install a homegrown listener on port 80? I sure > wouldn't...the > > potential for malicious use is huge. Imagine somebody > getting a regular > > user account on one of Amazon.com's web servers in their > web server farm, > > then installing a "web server" on port 80 (or 443) that > would simply look > > for traffic starting with "3", "4" or "5" (first digits for > valid credit > > cards) and copy the traffic to an external location. > > > > Sometimes it helps to consider the bigger picture. The > people who wrote > > UNIX weren't stupid. They did things for a reason. > Sometimes the reason > > seems silly, sometimes it seems outdated, but after review, > it usually makes > > perfect sense. Linus and the rest of the Linux hackers > could have easily > > changed this when they wrote the first Linux kernel, but > they didn't. So, > > you've got two LARGE groups of people over a combined span > of about 45 years > > (30+ for UNIX, 10 or so for Linux) choosing to make ports > less than 1024 > > privileged. That's good enough for me...I'll devote my > efforts to something > > else rather than trying to circumvent something that's so > obviously there > > for good reason. > > > > John > > > > > -----Original Message----- > > > From: Vy Ho [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, December 05, 2002 3:48 PM > > > To: Tomcat Users List > > > Subject: RE: Why run tomcat as root > > > > > > > > > > > > Can unix admin configure his OS to let normal app to run port > > > 80? I say > > > this because Unix is very configurable. Why you have to do > > > so much coding > > > just to access port 80, why not just look at it a different way? > > > > > > > > > > > > > > > > > > -- > > > To unsubscribe, e-mail: > > > <mailto:[EMAIL PROTECTED]> > > > For additional commands, e-mail: > > > <mailto:[EMAIL PROTECTED]> > > > > > > > -- > > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
