A gentle note that our documentation is in github and we love to accept pull requests against it!
https://github.com/jetty-project/jetty-documentation cheers! jesse -- jesse mcconnell [email protected] On Tue, Mar 4, 2014 at 12:40 AM, Martin Edge <[email protected]>wrote: > Joakim > > As you were mentioning using setuid in an embedded environment is unusual. > I can report that (providing you wait until you’ve started all of your > servers etc and you don’t have apache installed on your desktop machine > [I’ve been having fun!]), using System.load(libsetuid-linux-1.0.0.so) and > setuid(1000) works like a charm! > > A very easy way of reducing privileges. > > > > Once again thanks for your pointers, they really helped! > > -medge > > > > > > > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Martin Edge > *Sent:* Tuesday, 4 March 2014 16:17 > *To:* JETTY user mailing list > *Subject:* Re: [jetty-users] libsetuid.so > > > > ! Wrong package, should have paid more attention to the nm –D output (and > realised the package name was important). > > Thanks for your help though. > > > > -medge > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Martin Edge > *Sent:* Tuesday, 4 March 2014 15:36 > *To:* JETTY user mailing list > *Subject:* Re: [jetty-users] libsetuid.so > > > > Ok. Thanks for the links I used the tool chain one for my initial work. > Obviously I am missing something, but I can’t see what it is. > > > > > > Firstly overridden doStart() with: > > > > @Override > > public void doStart() throws Exception { > > super.doStart(); > > String os = System.getProperty("os.name").toLowerCase(); > > if (!os.contains("win")) { <-- IE we are not testing on our > development machines. > > if (gid != 0) { > > SetUID.setgid(gid); // <-- Fails her > > } > > if (uid != 0) { > > SetUID.setuid(uid); > > Passwd pw = SetUID.getpwuid(uid); > > System.setProperty("user.name", pw.getPwName()); > > System.setProperty("user.home", pw.getPwDir()); > > } > > } > > } > > > > I grabbed the source for setuid (etc) and cut setuid down to this (As we > are running this on linux only): > > > > package au.edu.satac.utilities.setuid; > > > > import au.edu.satac.business.utilities.SATACLogger; > > import au.edu.satac.business.utilities.SLogger; > > import au.edu.satac.utilities.SATACWebConfig; > > import java.io.File; > > > > /** > > * Class is for changing user and groupId, it can also be use to retrieve > user > > * information by using getpwuid(uid) or getpwnam(username) of both linux > and > > * unix systems > > */ > > public class SetUID { > > > > private static final SLogger logger = > SATACLogger.getLogger(SetUID.class); > > > > public static final String FILENAME = "libsetuid"; > > > > public static final int OK = 0; > > public static final int ERROR = -1; > > > > public static native int setumask(int mask); > > public static native int setuid(int uid); > > public static native int setgid(int gid); > > public static native Passwd getpwnam(String name) throws > SecurityException; > > public static native Passwd getpwuid(int uid) throws SecurityException; > > public static native Group getgrnam(String name) throws > SecurityException; > > public static native Group getgrgid(int gid) throws SecurityException; > > public static native RLimit getrlimitnofiles(); > > public static native int setrlimitnofiles(RLimit rlimit); > > > > private static void loadLibrary() { > > String setuidLib = “/usr/local/satacweb/lib/ > libsetuid-linux-1.0.0.so”; > > // String setuidLib = SATACWebConfig.getConfig().getSetUIDLib(); > // Ready to some sort of dynamic mapping > > if(setuidLib!=null) { > > File f = new File(setuidLib); > > if(f.exists()) { > > System.load(setuidLib); > > // Runtime.getRunTime().load(setuidLib); > > } else { > > logger.fatal(setuidLib + " not found"); > > } > > } else { > > logger.info("SetUID lib isn't set"); > > } > > } > > > > static { > > loadLibrary(); > > } > > > > } > > > > > > I’ve cut the whole thing down even more into a test case: > > > > package au.edu.satac; > > > > import au.edu.satac.utilities.setuid.SetUID; > > > > /** > > * > > * @author satmje > > */ > > public class MainClass { > > public static void main(String[] args) { > > SetUID.setuid(1001); > > } > > } > > > > And (the supporting classes are unchanged) > > > > package au.edu.satac.utilities.setuid; > > > > public class SetUID { > > > > public static final String FILENAME = "libsetuid"; > > > > public static final int OK = 0; > > public static final int ERROR = -1; > > > > public static native int setumask(int mask); > > public static native int setuid(int uid); > > public static native int setgid(int gid); > > public static native Passwd getpwnam(String name) throws > SecurityException; > > public static native Passwd getpwuid(int uid) throws SecurityException; > > public static native Group getgrnam(String name) throws > SecurityException; > > public static native Group getgrgid(int gid) throws SecurityException; > > public static native RLimit getrlimitnofiles(); > > public static native int setrlimitnofiles(RLimit rlimit); > > > > private static void loadLibrary() { > > System.load("/usr/local/satacweb/lib/libsetuid-linux-1.0.0.so"); > > // Runtime.getRuntime().load("/usr/local/satacweb/lib/ > libsetuid-linux-1.0.0.so"); > > } > > > > static { > > loadLibrary(); > > } > > > > } > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Joakim Erdfelt > *Sent:* Tuesday, 4 March 2014 14:58 > *To:* JETTY user mailing list > *Subject:* Re: [jetty-users] libsetuid.so > > > > ok, let me try this again... > > > > HOW are you attempting/doing this? details please. > > Code snippets? > > Project structure? > > Installed structure? > > All of the various relevant paths (class/lib/security/os/etc)? > > Environment details at runtime? > > Java details? > > Your artifacts details? > > Your dependency details? > > etc... > > > > > -- > > Joakim Erdfelt <[email protected]> > > webtide.com <http://www.webtide.com/> - intalio.com/jetty > > Expert advice, services and support from from the Jetty & CometD experts > > eclipse.org/jetty - cometd.org > > > > On Mon, Mar 3, 2014 at 8:02 PM, Martin Edge <[email protected]> > wrote: > > Open port 80 as root and them su to a lower privileged user. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Joakim Erdfelt > *Sent:* Tuesday, 4 March 2014 13:27 > *To:* JETTY user mailing list > *Subject:* Re: [jetty-users] libsetuid.so > > > > Can you provide more details on what you are trying to do? > > As mixing libsetuid.so and jetty embedded would be a first. > > > -- > > Joakim Erdfelt <[email protected]> > > webtide.com <http://www.webtide.com/> - intalio.com/jetty > > Expert advice, services and support from from the Jetty & CometD experts > > eclipse.org/jetty - cometd.org > > > > On Mon, Mar 3, 2014 at 6:24 PM, Martin Edge <[email protected]> > wrote: > > Having trouble running this in an embedded environment. It is finding the > file, but reporting “UnsatisfiedLinkError” > > Using jetty 9.1.2 on Linux. > > > > Has anyone got this working, or does everyone use redirects? > > > > > > *Medge* > > *Database and Applications Administrator* > > _______________________ > > > > [image: SATAC_Signature] > > > > Telephone (08) 8224 4045 > > Facsimile (08) 8224 4099 > > > > *www.**satac.edu.au * <http://www.satac.edu.au/> > > > > > > > > > > This email message is intended only for the addressee(s) and > > contains information that may be confidential and/or copyright. > > If you are not the intended recipient please notify the sender > > by reply email and immediately delete this email. Use, disclosure > > or reproduction of this email by anyone other than the intended > > recipient(s) is strictly prohibited. No representation is made that > > this email or any attachments are free of viruses. Virus scanning > > is recommended and is the responsibility of the recipient. > > > > > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users > > > > > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users > > > > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users > >
<<inline: image001.gif>>
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
