Thanks Mattias I thought that the idea was that resin started as root in order to permit binding to the protected ports <1024 and subsequently switched to run as a different user.
Our current setup with resin2 and a single server seems to do that. Thank you for taking the time to respond. Can anyone from caucho clarify this? Regards Alan On 28/09/2011 13:35, Mattias Jiderhamn wrote: > To answer one part of your question: > > >> Additionally the application is started as root and for the app tier we >> use<user> and<group> to change the user. When we try to do the same >> thing in the web-loadbalancer tier the application fails to start. Is >> this normal/to be expected? Is it safe for the web-tier to be running as >> root? >> > In a *nix environment, it is likely that non-root users are not allowed > to bind ports< 1024. That is, Resin cannot answer on HTTP (80) or HTTPS > (443) request unless running as root. I'd recommend using port > forwarding from 80/443 to some port> 1024 and then run Resin as non-root. > > </Mattias> > > > > _______________________________________________ > resin-interest mailing list > [email protected] > http://maillist.caucho.com/mailman/listinfo/resin-interest > > > -- Alan Wright Athene Systems tel 0845 230 9803 Athene Systems Limited Registered Office: Shieling House Invincible Road Farnborough GU14 7QU Registered in England and Wales No. 3156080 _______________________________________________ resin-interest mailing list [email protected] http://maillist.caucho.com/mailman/listinfo/resin-interest
