It's a java problem as the OSes that block access to <1024 ports give native code api's to open these ports and then loose the root privs. Java should allow those of us who are interested in running java services to have the option to take advantage of this.
I've filed a bug. When I get a bug number I'll post it. If you want to comment on how you think it's a good idea or a bad idea you can feel free to do it there. Lets take the rest of this discussion off the tomcat list. -gabe -----Original Message----- From: Lukas Bradley [mailto:[EMAIL PROTECTED] Sent: Friday, July 18, 2003 2:02 PM To: [EMAIL PROTECTED] Subject: Re: Running Tomcat as Non-Root Yes, but is this a Java problem, or is this an OS related problem/feature? IMHO, since UNIX/LINUX is doing the restricting of port traffic, the problem resides with the OS, not with Java. Adding an API to shift the native security model is out of scope. Why don't particular flavors of the OS allow for < 1024 to be non-root? Lukas "Lawrence, Gabriel" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > So I'm going to take that as a no. No one has bothered to pester sun > about this. > > And yes, the way things tend to work today is that people run these > things with extra JVMs, although if its running on port 25 they'd all > have to be running as root. > > So I realize that its possible that you could only drop privs down to a > single user in the vm, but gee wouldn't that be hugely better then what > we have today, where if I want to run <1024 I have to run as superuser? > > Surely you can see the benefit. > -gabe --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
