OK, I've been running tomcat behind apache for ages, and now I want to go with Yoav's oft-stated advice to just use tomcat (5.0.24) alone. And I want it on port 80.
So, I try to use the jsvc approach, telling it to go to the nonprivileged tomcat user by (from the tomcat site):
./bin/jsvc -Djava.endorsed.dirs=./common/endorsed -cp ./bin/bootstrap.jar \
-outfile ./logs/catalina.out -errfile ./logs/catalina.err \
org.apache.catalina.startup.Bootstrap -user tomcatHowever, that chokes as follows, as it apparently can't use port 80 as I'm wanting it to.
I'm sure this must be trivial, but all help would be appreciated!
rj
May 26, 2004 10:19:07 AM org.apache.coyote.http11.Http11Protocol start
SEVERE: Error starting endpoint
java.net.BindException: Permission denied:80
at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:258)
at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:275)
at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:177)
at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1500)
at org.apache.catalina.core.StandardService.start(StandardService.java:485)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298)
at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:218)
May 26, 2004 10:19:07 AM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: Protocol handler start failed: java.net.BindException: Permission denied:80
at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1502)
at org.apache.catalina.core.StandardService.start(StandardService.java:485)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298)
at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:218)
May 26, 2004 10:19:07 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 5160 ms
At 04:01 PM 5/25/2004, David Smith wrote:
I use jsvc which launches as root just long enough to capture the privileged ports necessary and then drops the root privilege to run as tomcat5. Very clean, runs on startup, and I don't have to worry about some unforeseen problem giving an attacker instant root privilege.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
