Re: Running Tomcat as Non-Root under Linux listen for port 80

2005-09-28 Thread Paul Singleton
NoKideen wrote: is there anybody know how to do this ? Running Tomcat as Non-Root under Linux listen for port 80 Ask your Linux admin to disable the privileged port nonsense, which only has value on a multiaccess server, and which always undermines security by unnecessarily encouraging running

Re: Running Tomcat as Non-Root under Linux listen for port 80

2005-09-28 Thread Shankar Unni
NoKideen wrote: is there anybody know how to do this ? Running Tomcat as Non-Root under Linux listen for port 80 Google is your friend: http://www.google.com/search?q=linux+port+80+non-root

RE: Running Tomcat as Non-Root under Linux listen for port 80

2005-09-27 Thread Peter Crowther
From: NoKideen [mailto:[EMAIL PROTECTED] Subject: Running Tomcat as Non-Root under Linux listen for port 80 is there anybody know how to do this ? Use the port redirection facilities in Linux (the details vary depending on your kernel, but ipchains or iptables is a good place to start if I

RE: Running Tomcat as Non-Root under Linux listen for port 80

2005-09-27 Thread Peter Crowther
From: Peter Crowther That way, Linux can run as a non-root user but still see requests arriving on port 80. Sorry. Brain fade. Replace 'Linux' with 'Tomcat' in the above. - Peter

Re: Running Tomcat as Non-Root under Linux listen for port 80

2005-09-27 Thread Andrés Glez.
Use jsvc. - Original Message - From: NoKideen [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Tuesday, September 27, 2005 6:13 PM Subject: Running Tomcat as Non-Root under Linux listen for port 80 is there anybody know how to do this ? Running Tomcat as Non-Root under

Re: Running Tomcat as Non-Root under Linux listen for port 80

2005-09-27 Thread Joost de Heer
NoKideen said: is there anybody know how to do this ? Running Tomcat as Non-Root under Linux listen for port 80 80 is a privileged port (< 1024) and you need root-rights to bind to a privileged port. If the problem is that you don't have access to root, ask the admin to implement sudo. Joost

RE: Running Tomcat as Non-Root under Linux listen for port 80

2005-09-27 Thread Phillip Qin
Create a normal user $TOMCAT_USER /bin/su $TOMCAT_USER -- $CATALINA_HOME/bin/startup.sh Owner is root, group is $TOMCAT_USER. -Original Message- From: NoKideen [mailto:[EMAIL PROTECTED] Sent: September 27, 2005 12:14 PM To: tomcat-user@jakarta.apache.org Subject: Running Tomcat as

Re: Running Tomcat as Non-Root under Linux listen for port 80

2005-09-27 Thread David Smith
a.k.a. Commons-Daemon (http://jakarta.apache.org/commons/daemon/) Works beautifully. --David Andrés Glez. wrote: Use jsvc. - Original Message - From: NoKideen [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Tuesday, September 27, 2005 6:13 PM Subject: Running Tomcat as

Re: Running Tomcat as Non-Root under Linux listen for port 80

2005-09-27 Thread Pete Stevens
On Tue, 27 Sep 2005, Joost de Heer wrote: NoKideen said: is there anybody know how to do this ? Running Tomcat as Non-Root under Linux listen for port 80 80 is a privileged port (< 1024) and you need root-rights to bind to a privileged port. If the problem is that you don't have access

RE: Running Tomcat as Non-Root

2003-07-21 Thread Ralph Einfeldt
, that define something like 'Allow binary y that is started by user x to bind to port z' -Original Message- From: Lawrence, Gabriel [mailto:[EMAIL PROTECTED] Sent: Friday, July 18, 2003 11:13 PM To: Tomcat Users List Subject: RE: Running Tomcat as Non-Root It's a java problem as the OSes

Re: Running Tomcat as Non-Root

2003-07-19 Thread Holger Klawitter
On Friday 18 July 2003 23:07, John Turner wrote: Because then ANYONE with a user account could bind a service to those ports. ... unless there are proper access privileges on ports as on files. I consider the start-as-root pattern as a hack (not

Re: Running Tomcat as Non-Root

2003-07-19 Thread Lukas Bradley
Because then ANYONE with a user account could bind a service to those ports. ... unless there are proper access privileges on ports as on files. I consider the start-as-root pattern as a hack (not a bad one though ;-) I was going to let a sleeping dog lie, but that's exactly what I think.

RE: Running Tomcat as Non-Root

2003-07-18 Thread Shapira, Yoav
Howdy, Are you running on a unix OS? If so, root is normally required if you want to run on a port < 1024. There are workarounds, but they vary in complexity and portability, and none are that good at this point. If you're running on a port higher than 1024, then you don't need to run as root

RE: Running Tomcat as Non-Root

2003-07-18 Thread Lawrence, Gabriel
to lose its privs... -gabe -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Friday, July 18, 2003 12:58 PM To: Tomcat Users List Subject: RE: Running Tomcat as Non-Root Howdy, Are you running on a unix OS? If so, root is normally required if you want to run

RE: Running Tomcat as Non-Root

2003-07-18 Thread Shapira, Yoav
-Original Message- From: Lawrence, Gabriel [mailto:[EMAIL PROTECTED] Sent: Friday, July 18, 2003 4:06 PM To: Tomcat Users List Subject: RE: Running Tomcat as Non-Root Has any one submitted a request to get dropping privs into the JDK? Or escalating privs to grab one of these ports

RE: Running Tomcat as Non-Root

2003-07-18 Thread Lawrence, Gabriel
nave user I'm running on (assuming the user I'm running with has that capability.) This is missing in Java. -gabe -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Friday, July 18, 2003 1:21 PM To: Tomcat Users List Subject: RE: Running Tomcat as Non-Root Howdy

Re: Running Tomcat as Non-Root

2003-07-18 Thread John Turner
PROTECTED] Sent: Friday, July 18, 2003 1:21 PM To: Tomcat Users List Subject: RE: Running Tomcat as Non-Root Howdy, Huh??? Have you looked at java.security.AccessController#doPrivileged() ? The issue is that port binding is a native operation and there's no bridge between the JDK

RE: Running Tomcat as Non-Root

2003-07-18 Thread Latesha Williams
, July 18, 2003 4:25 PM To: Tomcat Users List Subject: RE: Running Tomcat as Non-Root Right. I'm saying has anyone looked into submitting something to sun asking them to make it possible to start up a process as root an then drop down to another user like most native services do? I want

RE: Running Tomcat as Non-Root

2003-07-18 Thread Lawrence, Gabriel
, 2003 1:35 PM To: Tomcat Users List Subject: Re: Running Tomcat as Non-Root So every Java-based service would need its own JVM instance? Would you want your Java-based MTA on port 25 running as your Tomcat user or vice versa? Isn't that how it would work if you configured the user account

Re: Running Tomcat as Non-Root

2003-07-18 Thread John Turner
: John Turner [mailto:[EMAIL PROTECTED] Sent: Friday, July 18, 2003 1:35 PM To: Tomcat Users List Subject: Re: Running Tomcat as Non-Root So every Java-based service would need its own JVM instance? Would you want your Java-based MTA on port 25 running as your Tomcat user or vice versa? Isn't

Re: Running Tomcat as Non-Root

2003-07-18 Thread Lukas Bradley
Yes, but is this a Java problem, or is this an OS related problem/feature? IMHO, since UNIX/LINUX is doing the restricting of port traffic, the problem resides with the OS, not with Java. Adding an API to shift the native security model is out of scope. Why don't particular flavors of the OS

Re: Running Tomcat as Non-Root

2003-07-18 Thread John Turner
On Fri, 18 Jul 2003 17:01:46 -0400, Lukas Bradley [EMAIL PROTECTED] wrote: Why don't particular flavors of the OS allow for < 1024 to be non-root? Lukas Because then ANYONE with a user account could bind a service to those ports. Then, to protect your server and your users, your only recourse

RE: Running Tomcat as Non-Root

2003-07-18 Thread Lawrence, Gabriel
PM To: [EMAIL PROTECTED] Subject: Re: Running Tomcat as Non-Root Yes, but is this a Java problem, or is this an OS related problem/feature? IMHO, since UNIX/LINUX is doing the restricting of port traffic, the problem resides with the OS, not with Java. Adding an API to shift the native security

Re: Running Tomcat as Non-Root

2003-07-18 Thread Bill Barker
.) This is missing in Java. -gabe -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Friday, July 18, 2003 1:21 PM To: Tomcat Users List Subject: RE: Running Tomcat as Non-Root Howdy, Huh??? Have you looked at java.security.AccessController#doPrivileged() ? The issue

RE: Running Tomcat as Non-Root

2003-07-18 Thread Lawrence, Gabriel
PROTECTED] Cc: Subject:Re: Running Tomcat as Non-Root While this is flaming out of control ;-): Let me point out that there is jakarta-commons-sandbox/daemon that allows you to do this right now (i.e. launch as root, Tomcat binds to port 80, and then setuid to a non-privileged user

Re: Running Tomcat as non-root

2001-02-06 Thread Jim Crossley
Along those same lines, what's the recommended approach for sharing one installation of tomcat with multiple users? Should they each create their own server.xml and set the "home" attribute of the ContextManager to a location beneath their home directory, specifying the -f option to

Re: Running Tomcat as non-root

2001-02-06 Thread Geoff Lane
/usr/local/tomcat doesn't necessarily have to be owned by root. The only thing you need to do is make sure that whichever user you run tomcat as has write permissions to the logs, conf and work directories (those are the only ones Tomcat writes to I think). This doesn't have to be 'nobody'

Re: Running Tomcat as non-root

2001-02-06 Thread Jim Crossley
Thanks, Kief. I'm still kind of an Ant newbie, but I think I see what you're doing, and it's pretty cool. :-) I'm still confused about the -f option, though. You're not creating your server.xml in the shared installation directory, are you? I thought tomcat always used

Re: Running Tomcat as non-root

2001-02-06 Thread Kief Morris
Jim Crossley typed the following on 12:19 PM 2/6/2001 -0500 I'm still confused about the -f option, though. You're not creating your server.xml in the shared installation directory, are you? I thought tomcat always used $TOMCAT_HOME/conf/server.xml *unless* you specified another location with

Re: Running Tomcat as non-root

2001-02-06 Thread A Yang
/usr/local/tomcat doesn't necessarily have to be owned by root. The only thing you need to do is make sure that whichever user you run tomcat as has write permissions to the logs, conf and work directories (those are the only ones Tomcat writes to I think). I was a little iffy about

RE: Running Tomcat as non-root user

2001-01-16 Thread Kitching Simon
Hi Geoff, As far as I know (and I did a fair bit of research on this topic), there is no way for any java app to start as one user, then switch to running as another user. What I do is run tomcat on port 8080 as non-root, and use a firewall product to redirect port 80 -> 8080. This works fine.

Re: Running Tomcat as non-root user

2001-01-16 Thread Geoff Lane
Kitching - Thanks for the response. I was afraid of that. 'ifconfig' is the utility that lets you see information about the network interfaces, not a firewall. :) Do you run multiple machines with a firewall in front of them to do the redirection (w/ load balancing for example) or do you run the

RE: Running Tomcat as non-root user

2001-01-16 Thread CPC Livelink Admin
) This, of course, makes you relatively platform specific. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Geoff Lane Sent: Tuesday, January 16, 2001 12:29 PM To: [EMAIL PROTECTED] Subject: Re: Running Tomcat as non-root user Kitching - Thanks

RE: Running Tomcat as non-root user

2001-01-16 Thread Samson, Lyndon [IT]
You could use EJB's or a mobile agent framework? -Original Message- From: CPC Livelink Admin [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 16, 2001 5:35 PM To: [EMAIL PROTECTED] Subject: RE: Running Tomcat as non-root user You may be able to write yourself some native code to do

Re: Running Tomcat as non-root user

2001-01-16 Thread Catch-all m-box
: Tuesday, January 16, 2001 5:35 PM To: [EMAIL PROTECTED] Subject: RE: Running Tomcat as non-root user You may be able to write yourself some native code to do the switcheroo for you. Then use the java calls to the native call. The code to do the user switch is readily available (though I