Hi Geoff,

As far as I know (and I did a fair bit of research on this
topic), there is no way for any Java app to start as one
user, then switch to running as another user.

What I do is run Tomcat on port 8080 as non-root, and
use a firewall product to redirect port 80 -> 8080. This
works fine.

I can't give you great details, as the firewall stuff was
set up by a sysadmin (which I am not), but we use
Solaris and I think the firewall is "ifconfig". I guess
that Linux's ipchains or ipfilter or whatever can do the
same job.

Regards,

Simon

> -----Original Message-----
> From: Geoff Lane [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, January 15, 2001 11:46 PM
> To: [EMAIL PROTECTED]
> Subject: Running Tomcat as non-root user
>
> In the Tomcat UG under the heading 'Modify and Customize the Batch
> Files' it says one of the reasons to do so (modify start up scripts)
> would be: "To switch user from root to some other user using the "su"
> UNIX command."
>
> This is an excellent idea from a security standpoint. But to bind to
> port 80 (instead of the default high port 8080) root is needed. How many
> applications do this (Apache for example) is to initially run as root,
> bind to port 80, and then drop root privileges. Is something like this
> possible with Tomcat running standalone? Running concurrently with
> Apache would accomplish this because the AJP connection could be run as
> any user since it's on a high port.
>
> Thanks.
>
> --
> Geoff Lane <[EMAIL PROTECTED]>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]