Hi,

See interleaved.


On 15 January 2014 16:53, Mubeen Shah <mubeens...@gmail.com> wrote:

> Hello,
>
> I am trying to configure Tomcat 7 on an Ubuntu machine and wanted to run it as
> non-root on port 80. Here is what I did so far:
>
> OS (Ubuntu 12.04 LTS):
>
> - installed oracle JDK 1.7.0_45 using "apt-get"
> - downloaded and extracted tomcat 7.0.50 (.gz format)
> - created ubuntu user 'tomcat' and granted 'chown -R CATALINA_HOME' to this
> user
> - changed tomcat default port to 80 in server.xml
> - installed and configured authbind tool
> - created sh script "/etc/init.d/tomcat7" to start tomcat as tomcat user.
>

What was in this script?


> - tomcat 7 was working as expected on 80 port as non-root user.
>

That is surprising, see further below.


> - later I configured APR 1.5.0 and tried to run tomcat again, I got this
> error:
>
> Jan 15, 2014 6:24:45 AM org.apache.catalina.core.AprLifecycleListener init
> INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR
> version 1.5.0.
> Jan 15, 2014 6:24:45 AM org.apache.catalina.core.AprLifecycleListener init
> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
> [false], random [true].
> Jan 15, 2014 6:24:46 AM org.apache.catalina.core.AprLifecycleListener
> initializeSSL
> INFO: OpenSSL successfully initialized (OpenSSL 1.0.1 14 Mar 2012)
> Jan 15, 2014 6:24:46 AM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["http-apr-80"]
> Jan 15, 2014 6:24:46 AM org.apache.coyote.AbstractProtocol init
> SEVERE: Failed to initialize end point associated with ProtocolHandler
> ["http-apr-80"]
> java.lang.Exception: Socket bind failed: [13] Permission denied
>     at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:430)
>     at
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:640)
>     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
>     at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>     at
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>     at
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:664)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>     at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:606)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)
>

This is expected.


>
> If I remove this line from server.xml:
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
>
> Tomcat works on port 80 as a non-root user and starts "http-bio-80"
> properly.
>
> Another thing is that if I try to run Tomcat as "root" along with APR
> support, it works just fine.
>
> Any advice on why it's working on "http-bio-80" while throwing a bind exception
> on "http-apr-80"?
>

Linux will not allow anything but root to bind on ports < 1024.
Usually the process starts as root, binds to the port and then drops its
privileges back to the desired user.
You'll need to use jsvc to start Tomcat and drop privileges. It is simply
Apache Commons Daemon and you should use version 1.0.15 or higher. I'm not
sure what version is in 12.04 LTS, so you may need to compile it.

Some documentation is here:
http://tomcat.apache.org/tomcat-7.0-doc/setup.html
http://commons.apache.org/proper/commons-daemon/jsvc.html

There are a couple of other options described here:
http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F

But the best one is commons daemon / jsvc.


> Regards,
> Mubeen
>


-- 
Kind regards,

Brett
