Lately, I have been thinking of writing a JNI library to call setuid() and setgid() to change the effective user ID and group ID of the process after it starts.
I'm not sure how this would affect the various startup and shutdown scripts, but it would be interesting from a security standpoint. -----Original Message----- From: Joe Tomcat [mailto:[EMAIL PROTECTED]] Sent: 05 September, 2002 11:39 PM To: Tomcat Users List Subject: Starting and stopping Tomcat as non-root I am running Tomcat on port 80 (not using Apache) on Redhat 7.3. Obviously, Tomcat needs to be root to listen on port 80. Therefore, to start it or stop it, I need to do that as root. The problem is that I want to use ant tasks to start and stop it. I can easily have ant tasks which execute startup.sh and shutdown.sh, but then I have a to run ant, and therefore do all my development, as root, something which I definitely do not want to do. Unfortunately Linux doesn't let me make shell scripts setuid, so how do I do this? I realize that setuid scripts are a security hole, but there are no untrusted users on this machine (I'm the only user) so it doesn't matter. Alternatively, is there a way to make Linux so that it lets any user bind to any port? This "must be root to bind to low ports" is the most idiotic "security" measure in all of Unix land and has resulted in more breakins over the years than any other single thing. Can I turn it off? Thanks! -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
