At 12:33 AM 4/27/2001 -0400, you wrote:
>I do not think you will be ever able to run tomcat standalone as non-root
>on port 80. Ports below 1024 can only be run as root. You say: "and 
>Apache?..."
>Apache is written in C, not Java, and changes the effective UID
>to nobody (or whatever) for its children which do the work.
>I do not think such stuff is possible in Java, and even if it was,
>Tomcat does not support it. The solution is to have Apache run on port 80
>and communicate with tomcat via ajp12 or ajp13 connector. Then
>Tomcat can run as whatever you wish it to be, and need not be root,
>since the connector ports are usually much higher than 1024, e.g., 8007.


You can't run a port. You can only use it. And while what you say
is true, it can be gotten around; and you might want to
do this because you might want to run a web server as user
"nobody", because the nobody user doesn't normally have shell
access (you may respond with "well, my nobody user on my Solaris
server has a shell"; yeah, that's Sun. Take the shell config
out of nobody's config in master_passwd or whatever the file is).
Netscape iPlanet/Server (whatever) installs the admin process
as root, but by default creates server instances as nobody, no
problem. I suspect a chuid or a chown is performed by the admin
process after the web server instance is created.

End word: You can (and according to some philosophies should) run
a web server as nobody. How this is done with Apache I don't know,
but it's not impossibly wrong or ridiculous to run a web server
as a user other than root.
