I was going to suggest something similar, which is to start up Orion as
root and then have the process change UID to a non-root user, just like
Apache.  But starting the process as root is precisely the thing the
user was trying to avoid.

Throwing Apache in the front end is bound to decrease performance,
versus using Orion's HTTP server.  It's certainly the easiest (and a
good portable one -- better than ipchains) solution, but I didn't
mention it because it defeats the purpose of using Orion as the web server
for performance.

The security problems with running an app server as root can be dealt
with by using Java policy files.  I've written them for JRun in the
past, to restrict access to just the directories, files and ports
necessary.  But running an app server is a risky proposition anyway.
Even if it's not running as root it probably has access to all your
business's critical data via database access and Web-based business
transactions; people's credit card numbers, etc.  These are much more
valuable than the files on your file system.

The real problem expressed by the original email is that regular
restarts of the server are necessary.  All Java app servers suffer from
this in one place or another.  Eventually, they'll all have to be able
to dynamically reload configuration settings, and any class or
component.  Orion is already well on the way toward that goal with
dynamic reload of ears, EJB jars, servlets, etc.

A related problem is the distinction between development and production
-- why can't each developer belong to the same group, have them all stop
and start Orion on a port above 1024 for development purposes, and then
deal with this port 80 problem when it's time to move to production?  In
most organizations I've dealt with, the developers aren't the ones
stopping and starting the production server anyway.

Scott Stirling
West Newton, MA

On 07 Jan 2001 13:44:34 -0800, Tony Wilson wrote:
> The best way to get around this, I think, is to use apache as a front end
> and connect Orion to it.
> There is excellent documentation on how to do this on
> www.orionsupport.com... when it comes up.  I think it is one of the
> featured links on the right hand menu.
> 
> Apache runs anywhere, pretty much.
> 
> What you do is start up apache as root.  Apache grabs whatever lower
> numbered ports it needs (including 80) and then changes its user to
> something else (usually 'nobody').  You change the configuration in
> /etc/httpd/conf/httpd.conf (at least on linux) and then you can connect to
> it using standard procedures supported by both apache and orion.
> 
> The main benefit of this is that you can run jrun as whomever you would like
> ('orion' is a good username) and you only have to worry about the file
> permissions from that point on.
> 
> 
> You DEFINITELY don't want to run orion, or any other Servlet Container as
> root.  The main reason is security.  One of your developers could very
> easily write a piece of code that would wipe out the entire hard drive, or
> worse... and if anyone was able to hack in... all they would need to do is
> write up a jsp file, and they have all the access they want.
> 
> Anyway.  The apache thing works for us.  We are able to do a lot of things
> with this.  One example is Virtual hosting.  Each developer is able to have
> their own instance of orion, running on their own virtual IP address, on
> their own code base and starting and stopping it on their own running as
> their own user.  Apache allows for this.
> 
> Tony Wilson
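
A sketch of the kind of Java policy file mentioned in the reply above, restricting an app server to the directories, files and ports it needs. This is an example added here, not a file from either poster or from Orion; the paths /opt/orion and /var/orion-data and the host db.example.internal:5432 are placeholders, and it covers only file and socket access, so a real container will also need RuntimePermission entries found by testing.

```java
// Java policy file syntax (not Java source). Constructed example:
// /opt/orion, /var/orion-data and db.example.internal are placeholders.
//
// Assumed launch flags, which install the Security Manager and add this
// file to the JVM's default policy:
//   java -Djava.security.manager \
//        -Djava.security.policy=/opt/orion/config/server.policy ...
// Adding -Djava.security.debug=access,failure logs each denied check,
// which is how the missing permissions are found during testing.

grant codeBase "file:/opt/orion/-" {
    // Files: read-only on the install tree, write access only where the
    // server has to write. No "<<ALL FILES>>" and no "execute" action,
    // so code under this grant cannot spawn /bin/sh or read /etc.
    permission java.io.FilePermission "/opt/orion/-", "read";
    permission java.io.FilePermission "/opt/orion/log/-", "read,write";
    permission java.io.FilePermission "/var/orion-data/-", "read,write,delete";
    permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";

    // Ports: bind the HTTP listener on 80 and accept client connections,
    // which arrive from unprivileged source ports.
    permission java.net.SocketPermission "localhost:80", "listen";
    permission java.net.SocketPermission "*:1024-", "accept,resolve";

    // Outbound: only the database. Any other connect() is refused, so a
    // dropped JSP cannot open a connection to an arbitrary host.
    permission java.net.SocketPermission "db.example.internal:5432", "connect,resolve";

    // System properties are readable but not writable.
    permission java.util.PropertyPermission "*", "read";
};
```

The policy limits what the JVM can do to the host, but the database grant is exactly the exposure the reply describes: data reachable through that connection is outside what a policy file protects. The Security Manager that enforces these files was deprecated for removal in Java 17 (JEP 411), so this applies to older JVMs.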

