RE: Re[2]: Running Tomcat as Non-Root
No, this shouldn't be a problem if you setup tomcat correctly. http://jakarta.apache.org/tomcat/tomcat-4.1-doc/proxy-howto.html (Note: I havn't tried it on my own) Most documentation that I found about the configuration of tomcat for running as non root on port 1024 are missing this point: http://www-106.ibm.com/developerworks/java/library/l-secjav.htm http://www.klawitter.de/tomcat80.html Here is one in german that includes this topic: http://3plus4software.de/news/20020617.html (Even without understanding german, you should be able to find the relevant information) -Original Message- From: Anton Tagunov [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 7:45 AM To: Tomcat Users List Subject: Re[2]: Running Tomcat as Non-Root Hello Ralph! RE You can run a java service on ports 1024 without being root with RE portmappers, proxies, iptables and several other tools Hmm.., but won't this make the request.getRequestURI() and alike create incorrect URL-s, like http://smth.smth.smth:8080/aaa/b.jsp instead of http://smth.smth.smth:80/aaa/b.jsp or http://smth.smth.smth/aaa/b.jsp This might be a big problem! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re[2]: Running Tomcat as Non-Root
Hello Ralph! RE You can run a java service on ports 1024 without being root with RE portmappers, proxies, iptables and several other tools Hmm.., but won't this make the request.getRequestURI() and alike create incorrect URL-s, like http://smth.smth.smth:8080/aaa/b.jsp instead of http://smth.smth.smth:80/aaa/b.jsp or http://smth.smth.smth/aaa/b.jsp This might be a big problem! -Anton - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re[2]: Running Tomcat as Non-Root
Hello Gabriel! LG So I'm going to take that as a no. No one has bothered to pester sun LG about this. LG So I realize that its possible that you could only drop privs down to a LG single user in the vm, but gee wouldn't that be hugely better then what LG we have today, where if I want to run 1024 I have to run as superuser? LG Surely you can see the benefit. 1) Looks there might be some sense in such an api. 2) On the other hand we go somewhat OS specific here - only *nix-es, don't we? 3) In fact we do not strictly have to ask Sun for this, we can do it with JNI. Would be interested to see how jakarta-commons-sandbox/daemon do it. 4) I would vote for such feature request at Sun. Go ahead add it! -Anton - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]