Re: How do I run Tomcat as a non-root user?

2007-10-10 Thread Alexey Solofnenko
Look there: http://wiki.apache.org/tomcat/HowTo#head-18d1c3f3fa702a1be769340784515eecce6e0ac9


- Alexey.

Rob Tanner wrote:

> Hi,
>
> How do I run Tomcat as a non-root user?  I need to be able to bind to
> ports 80 & 443 which are privileged ports.  I know that with straight
> Apache the user that it runs as is configured in httpd.conf.  It
> starts up as root, binds to the ports and then drops its privileges.
> However, I'm running Tomcat as stand-alone.  So, is there some
> mechanism in Tomcat to accomplish the same thing?
>
> Thanks,
> Rob





--

Alexey N. Solofnenko http://trelony.cjb.net/
Pleasant Hill, CA (GMT-8 usually)




Re: How do I run Tomcat as a non-root user?

2007-10-10 Thread Markus Schönhaber
Rob Tanner schrieb:

> How do I run Tomcat as a non-root user?  I need to be able to bind to
> ports 80 & 443 which are privileged ports.  I know that with straight
> Apache the user that it runs as is configured in httpd.conf.  It starts
> up as root, binds to the ports and then drops its privileges.  However,
> I'm running Tomcat as stand-alone.  So, is there some mechanism in
> Tomcat to accomplish the same thing?

Yes, jsvc[1]. The sources should be in the bin/ directory of your Tomcat
installation.

Regards
  mks

[1] http://commons.apache.org/daemon/jsvc.html

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
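
The start-as-root, bind, then drop sequence that the question describes for Apache and that jsvc provides for Tomcat, as an added C example (not jsvc's source and not part of the original thread). The function names, the stand-in port 8080 and the uid/gid 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Step 1: open the listening socket while still privileged. */
int bind_listener(unsigned short port)
{
    struct sockaddr_in addr = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) != 0 || listen(fd, 16) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Step 2: give up root for good. Order matters: supplementary groups
 * first, then gid, then uid, because after setuid() the process may no
 * longer change its groups. Returns 0 on success, -1 if any step fails
 * or if root can still be regained afterwards. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;              /* drop was reversible: treat as fatal */
    return (getuid() == uid && geteuid() == uid && getegid() == gid) ? 0 : -1;
}

int main(void)
{
    /* Constructed values: 8080 stands in for 80 when not started as
     * root; 65534 is assumed to be an unprivileged account. */
    int root = (geteuid() == 0);
    int fd = bind_listener(root ? 80 : 8080);
    if (fd < 0 || drop_privileges(root ? 65534 : getuid(), root ? 65534 : getgid()) != 0)
        return 1;               /* never serve requests if the drop failed */
    close(fd);                  /* an accept() loop would use fd here, unprivileged */
    return 0;
}
```

The socket opened in step 1 stays usable after step 2, which is why the server never needs root again once it is listening.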



Re: How do I run Tomcat as a non-root user?

2007-10-10 Thread Christopher Schultz
Rob,

Rob Tanner wrote:
> How do I run Tomcat as a non-root user?  I need to be able to bind to
> ports 80 & 443 which are privileged ports.  I know that with straight
> Apache the user that it runs as is configured in httpd.conf.  It starts
> up as root, binds to the ports and then drops its privileges.  However,
> I'm running Tomcat as stand-alone.  So, is there some mechanism in
> Tomcat to accomplish the same thing?

RTFM / GIYF / whatever:

http://www.owasp.org/index.php/Securing_tomcat#Using_Port_80
http://tomcat.apache.org/faq/security.html#root
http://tomcat.apache.org/faq/security.html#jsvcExample

-chris




Re: How do I run Tomcat as a non-root user?

2007-10-10 Thread Rob Tanner

Markus,

I downloaded it and also applied the patch to eliminate the "Cannot
execute JSVC executor process" error.  But here's the catch, and maybe
you know the answer.  The machine and the OS (Fedora) are 64bit but the
Java runtime is 32bit.  In order for jsvc to make use of the shared
libs, it has to be 32 bit as well.  So, I build it like this:


CFLAGS=-m32 CPPFLAGS=-m32 CCASFLAGS=-m32 LDFLAGS=-L/usr/lib -L/lib \
./configure  --build=i686-pc-linux-gnu \

But at the end of the make, I get

gcc -L/usr/lib -L/lib -ldl -lpthread jsvc-unix.o libservice.a -o ../jsvc
/usr/bin/ld: skipping incompatible /usr/lib/libdl.so when searching for -ldl
/usr/bin/ld: skipping incompatible /usr/lib/libdl.a when searching for -ldl
/usr/bin/ld: skipping incompatible /usr/lib/libpthread.so when searching for -lpthread
/usr/bin/ld: skipping incompatible /usr/lib/libpthread.a when searching for -lpthread
/usr/bin/ld: skipping incompatible /usr/lib/libc.so when searching for -lc
/usr/bin/ld: skipping incompatible /usr/lib/libc.a when searching for -lc
/usr/bin/ld: warning: i386 architecture of input file `jsvc-unix.o' is incompatible with i386:x86-64 output
/usr/bin/ld: warning: i386 architecture of input file `libservice.a(arguments.o)' is incompatible with i386:x86-64 output
/usr/bin/ld: warning: i386 architecture of input file `libservice.a(debug.o)' is incompatible with i386:x86-64 output
/usr/bin/ld: warning: i386 architecture of input file `libservice.a(help.o)' is incompatible with i386:x86-64 output
/usr/bin/ld: warning: i386 architecture of input file `libservice.a(home.o)' is incompatible with i386:x86-64 output
/usr/bin/ld: warning: i386 architecture of input file `libservice.a(java.o)' is incompatible with i386:x86-64 output
/usr/bin/ld: warning: i386 architecture of input file `libservice.a(location.o)' is incompatible with i386:x86-64 output
/usr/bin/ld: warning: i386 architecture of input file `libservice.a(replace.o)' is incompatible with i386:x86-64 output
/usr/bin/ld: warning: i386 architecture of input file `libservice.a(dso-dlfcn.o)' is incompatible with i386:x86-64 output


And I end up with an ELF 64-bit LSB executable that gets an immediate 
segmentation fault.


Any ideas how to build it right?

Thanks,
Rob

Markus Schönhaber said the following on 10/10/2007 09:11 AM:

> Rob Tanner schrieb:
>
> > How do I run Tomcat as a non-root user?  I need to be able to bind to
> > ports 80 & 443 which are privileged ports.  I know that with straight
> > Apache the user that it runs as is configured in httpd.conf.  It starts
> > up as root, binds to the ports and then drops its privileges.  However,
> > I'm running Tomcat as stand-alone.  So, is there some mechanism in
> > Tomcat to accomplish the same thing?
>
> Yes, jsvc[1]. The sources should be in the bin/ directory of your Tomcat
> installation.
>
> Regards
>   mks
>
> [1] http://commons.apache.org/daemon/jsvc.html


  




Re: How do I run Tomcat as a non-root user?

2007-10-10 Thread Markus Schönhaber
Rob Tanner wrote:

> I downloaded it and also applied the patch to eliminate the "Cannot
> execute JSVC executor process" error.

Why didn't you use the sources you already had?

> But here's the catch, and maybe
> you know the answer.  The machine and the OS (Fedora) are 64bit but the
> Java runtime is 32bit.  In order for jsvc to make use of the shared
> libs, it has to be 32 bit as well.  So, I build it like this:
[...]
> And I end up with an ELF 64-bit LSB executable that gets an immediate
> segmentation fault.
>
> Any ideas how to build it right.

You could set up a cross-compiler/cross-toolchain that is able to create
32-bit binaries or compile it on a 32-bit machine. Either way, you'll
have to install the 32-bit versions of the dependent libraries as well
(or create a static binary).

But first and foremost: what's the point in running Tomcat in a 32-bit
JVM on 64-bit machine?
Use a 64-bit JVM and save yourself a lot of trouble.

Regards
  mks




Re: How do I run Tomcat as a non-root user?

2007-10-10 Thread Rob Tanner

Markus,

I was able to resolve the make by doing the last compile step manually.
As far as why a 32 bit JVM on a 64 bit machine, that only applies to my
development system (which is my desktop).  Our production servers are 32
bit systems.  The problem with a 64 bit JVM on my development box is
that MyEclipse (unless it's changed and I'm unaware) does not behave
dependably in 64 bit.  Using 32 bit, my Java development is rock-solid,
so why change?


-- Rob

Markus Schönhaber said the following on 10/10/2007 02:01 PM:

> Rob Tanner wrote:
>
> > I downloaded it and also applied the patch to eliminate the "Cannot
> > execute JSVC executor process" error.
>
> Why didn't you use the sources you already had?
>
> > But here's the catch, and maybe
> > you know the answer.  The machine and the OS (Fedora) are 64bit but the
> > Java runtime is 32bit.  In order for jsvc to make use of the shared
> > libs, it has to be 32 bit as well.  So, I build it like this:
> [...]
> > And I end up with an ELF 64-bit LSB executable that gets an immediate
> > segmentation fault.
> >
> > Any ideas how to build it right.
>
> You could set up a cross-compiler/cross-toolchain that is able to create
> 32-bit binaries or compile it on a 32-bit machine. Either way, you'll
> have to install the 32-bit versions of the dependent libraries as well
> (or create a static binary).
>
> But first and foremost: what's the point in running Tomcat in a 32-bit
> JVM on 64-bit machine?
> Use a 64-bit JVM and save yourself a lot of trouble.
>
> Regards
>   mks
