Hi,

You're better off grabbing the Tomcat5.sh script from $CATALINA_HOME/bin/jsvc-src/native (you need to unpack jsvc.tar.gz but I think you've already done that). Modify the couple of lines at the top to reflect your proper JAVA_HOME and CATALINA_HOME, and you should be all set.

Yoav Shapira
Millennium Research Informatics

>-----Original Message-----
>From: RJ [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, May 26, 2004 10:31 AM
>To: Tomcat Users List
>Subject: Re: Tomcat as 'root' insecure? (again)
>
>OK, I've been running tomcat behind apache for ages, and
>now I want to go with Yoav's oft-stated advice to just
>use tomcat (5.0.24) alone. And I want it on port 80.
>
>So, I try to use the jsvc approach, telling it to go to
>the nonprivileged tomcat user by (from the tomcat site):
>
>./bin/jsvc -Djava.endorsed.dirs=./common/endorsed -cp ./bin/bootstrap.jar \
>    -outfile ./logs/catalina.out -errfile ./logs/catalina.err \
>    org.apache.catalina.startup.Bootstrap -user tomcat
>
>However, that chokes as follows, as it apparently can't use port
>80 as I'm wanting it to.
>
>I'm sure this must be trivial, but all help would be
>appreciated!
>
>rj
>
>May 26, 2004 10:19:07 AM org.apache.coyote.http11.Http11Protocol start
>SEVERE: Error starting endpoint
>java.net.BindException: Permission denied:80
>        at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:258)
>        at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:275)
>        at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:177)
>        at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1500)
>        at org.apache.catalina.core.StandardService.start(StandardService.java:485)
>        at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298)
>        at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:324)
>        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:324)
>        at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:218)
>May 26, 2004 10:19:07 AM org.apache.catalina.startup.Catalina start
>SEVERE: Catalina.start:
>LifecycleException: Protocol handler start failed: java.net.BindException: Permission denied:80
>        at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1502)
>        at org.apache.catalina.core.StandardService.start(StandardService.java:485)
>        at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298)
>        at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:324)
>        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:324)
>        at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:218)
>May 26, 2004 10:19:07 AM org.apache.catalina.startup.Catalina start
>INFO: Server startup in 5160 ms
>
>At 04:01 PM 5/25/2004, David Smith wrote:
>
>>I use jsvc which launches as root just long enough to capture the
>>privileged ports necessary and then drops the root privilege to run as
>>tomcat5. Very clean, runs on startup, and I don't have to worry about
>>some unforeseen problem giving an attacker instant root privilege.
