Tim,

I am not sure what you are responding to...

The "to run on port 80" in technical terms is an established way of saying: 
"to run a server listening to port 80." which is wordy.

The question was: "Can you run Tomcat as non-root on port 80", sorry:
"Can you run Tomcat as non-root as a server listening to port 80". 
The answer is still no, since Tomcat does not support it... I believe
it even may be possible to do it in Java with a very elaborate scheme, 
but it is not trivial (if at all possible) in Java to spawn threads with
different EUID than the parent, unless you want to spawn separate UNIX
processes via calls to Runtime exec with su - c and find a way to tell the
child how to hijack the TCP session which was started by the parent tomcat
server which runs as root and listens to port 80. This would be a terrible
performance penalty.  I am not a tomcat developer, so I have no clue if this
is under any consideration.

Jan

Jan K. Labanowski            |    phone: 614-292-9279,  FAX: 614-292-7168
Ohio Supercomputer Center    |    Internet: [EMAIL PROTECTED] 
1224 Kinnear Rd,             |    http://www.ccl.net/chemistry.html
Columbus, OH 43212-1163      |    http://www.osc.edu/



On Fri, 27 Apr 2001, Tim O'Neil wrote:

> At 12:33 AM 4/27/2001 -0400, you wrote:
> >I do not think you will be ever able to run tomcat standalone as non-root
> >on port 80. Ports below 1024 can only be run as root. You say: "and 
> >Apache?..."
> >Apache is written in C, not Java, and changes the effective UID
> >to nobody (or whatever) for its children which do the work.
> >I do not think such stuff is possible in Java, and even if it was,
> >Tomcat does not support it. The solution is to have Apache run on port 80
> >and communicate with tomcat via ajp12 or ajp13  connector. Then
> >Tomcat can run as whatever you wish it to be, and need not be root,
> >since the connector ports are usually much higher than 1024, e.g., 8007.
> 
> 
> You can't run a port. You can only use it. And while what you say
> is true, it can be gotten around; and you might want to
> do this because you might want to run a web server as user
> "nobody", because the nobody user doesn't normally have shell
> access (you may respond with "well, my nobody user on my solaris
> server has a shell", yeah, that's Sun. Take the shell config
> out of nobody's config in master_passwd or whatever the file is)
> Netscape iPlanet/Server (whatever) installs the admin process
> as root, but by default creates server instances as nobody, no
> problem. I suspect a chuid or a chown is performed by the admin
> process after the web server instance is created.
> 
> End word: You can (and according to some philosophies should) run
> a web server as nobody. How this is done with Apache I don't know
> but it's not impossibly wrong or ridiculous to run a web server
> as a user other than root.
> 
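
The bind-then-drop pattern the thread attributes to Apache (open the low port as root, then change UID before doing any work), shown as an added example that is not part of either message and is not Apache's or Tomcat's code. The function names and the use of the `nobody` account are assumptions.

```c
/* Added example (hypothetical names, not Apache's code): bind, then drop root. */
#define _DEFAULT_SOURCE   /* exposes setgroups() on glibc */
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <sys/socket.h>
#include <unistd.h>

/* Listen on 127.0.0.1:port; ports below 1024 normally need root. -1 on error. */
int bind_listener(unsigned short port)
{
    struct sockaddr_in a = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) != 0 || listen(fd, 16) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Become uid/gid for good: groups and gid first, setuid() last. 0 on success. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && uid != 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;  /* drop was reversible */
    return 0;
}

/* 1 if fd is still a listening socket, e.g. after the uid change. */
int is_listening(int fd)
{
    int v = 0;
    socklen_t n = sizeof v;
    return getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &v, &n) == 0 && v != 0;
}

int main(void)
{
    struct passwd *pw = getpwnam("nobody");  /* assumed unprivileged account */
    int fd = bind_listener(80);              /* the only step that needs root */
    if (fd < 0 || !pw || drop_privileges(pw->pw_uid, pw->pw_gid) != 0) return 1;
    return is_listening(fd) ? 0 : 1;
}
```

Started as root, `main` exits 0 only if the port 80 socket is still listening after the process has become `nobody`; the descriptor outlives the privilege that was needed to create it.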
