I don't know -- I can see some value to the root-only ports below 1024. It prevents non-privileged users from stealing trusted service ports in a mainframe environment -- not that that's a reality anymore. The best way to handle this in a production environment is to use the commons-daemon project at the Jakarta site.
--David

Paul Singleton wrote:
> Harrell, Ralph wrote:
>
>> I would like to be able to start TOMCAT as a non-root
>> user but am unable to as we are running SSL and use
>> port 443 and non-root users do not have the permission
>> to use ports under 1000.
>
> ...not in Linux and some (all?) Unix variants, anyway.
>
> (FWIW I think this root-only-below-1000 rule is an
> ill-considered security kludge which has probably
> caused more trouble than it has circumvented)
>
> You could redirect port 443 to 8443 (and 80 to 8080)
> either in an external firewall/router or in iptables
> within your server, then start Tomcat as e.g. tomcat
> on its usual ports.
>
> Paul Singleton
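The iptables redirect suggested in the quoted message, written out as an added example that is not part of the original thread: a shell function that emits an iptables-restore ruleset for the 443 to 8443 and 80 to 8080 pairs. The function names are assumptions, and the OUTPUT rule for loopback connections goes beyond what the message mentions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Apply as root with:
#   gen_redirect_rules 443:8443 80:8080 | iptables-restore --noflush

# True if $1 is a decimal TCP port in 1..65535 (no leading zero, max 5 digits).
is_port() {
    case "$1" in
        ''|*[!0-9]*|0*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Arguments are PUBLIC:TARGET pairs, e.g. 443:8443.
gen_redirect_rules() {
    # Validate every pair first so a bad argument never yields a partial ruleset.
    for pair in "$@"; do
        pub=${pair%%:*}
        dst=${pair##*:}
        is_port "$pub" && is_port "$dst" || {
            echo "bad pair: $pair" >&2; return 1; }
        # The public side must be a privileged port and the target an
        # unprivileged one, otherwise Tomcat would still need root to bind.
        [ "$pub" -lt 1024 ] && [ "$dst" -ge 1024 ] || {
            echo "expected privileged:unprivileged, got: $pair" >&2; return 1; }
    done

    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    for pair in "$@"; do
        pub=${pair%%:*}
        dst=${pair##*:}
        # Connections arriving from the network.
        echo "-A PREROUTING -p tcp --dport $pub -j REDIRECT --to-ports $dst"
        # Connections made on the server itself over loopback never pass
        # through PREROUTING, so they need their own rule.
        echo "-A OUTPUT -o lo -p tcp --dport $pub -j REDIRECT --to-ports $dst"
    done
    echo 'COMMIT'
}

# Print the ruleset for the ports discussed in the thread.
gen_redirect_rules 443:8443 80:8080
```

The target ports stay unprivileged, so any local account can bind 8443 or 8080 whenever Tomcat is not running; that is the port-stealing case the reply above mentions.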
