Christopher, On 16 January 2014 22:28, Christopher Schultz <ch...@christopherschultz.net>wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Brett, > > On 1/15/14, 7:41 PM, Brett Delle Grazie wrote: > > On 15 January 2014 16:53, Mubeen Shah <mubeens...@gmail.com> > > wrote: > > > >> Hello, > >> > >> I am trying to configure tomcat 7 on ubuntu machine and wanted to > >> run it as non-root on port 80, Here is what I did so far: > >> > >> OS (Ubuntu 12.04 LTS): > >> > >> - installed oracle JDK 1.7.0_45 using "apt-get" - downloaded and > >> extracted tomcat 7.0.50 (.gz format) - created ubuntu user > >> 'tomcat' and granted 'chown -R CATALINA_HOME' to this user - > >> changed tomcat default port to 80 in server.xml - installed and > >> configured authbind tool - created sh script > >> "/etc/init.d/tomcat7" to start tomcat as tomcat user. > >> > > > > What was in this script? > > > > > >> - tomcat 7 was working as expected on 80 port as non-root user. > >> > > > > That is surprising, see further below. > > [snip] > > > Linux will not allow anything but root to bind on ports < 1024. > > Usually the process starts as root, binds to the port and then > > drops it's privileges back to the desired user. > > Note that the OP is using authbind (or at least attempting to do so). > Yes I missed that in the original message, thank you for pointing it out. > > > You'll need to use jsvc to start Tomcat and drop privileges. > > Um... authbind? Noted. > > Perhaps authbind doesn't work with Java and/or Tomcat/APR but this is > precisely what authbind was designed to do. > The OP looks like they've locally compiled APR. I wonder if that's the root cause. > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJS2F0JAAoJEBzwKT+lPKRYuVsQALp+Hbtc/SjgszPUeTgc9aJ7 > 0UEg4S3cHqozrXVgn45V+zAXYqsCfzoge0nS9VK4ar/RJiF0mVMLG3TUm6+0fget > l7O1YDZU+VgNEBd/ci/25BmZwZIJ4e9d53N24mJ2Et7FuWuhFOK8FrtcfFmyZPRa > j0xndOJCNg7Yeub6kYLRWDXIuLdRkzwWMtqGnQ4kb15pyM1TdMiaL4BvYDfECjC8 > uwwU0jipJE+2JPTqwzn+MgUolcVEmJRoL0MfGyMT1kE4smLXFOGPuDFL7cmJtikx > Elmr7BvTMc9POY4BzXEkVwCfHcA+dqKJNzeELfJffzVD2qKvM2m3Ivp4vZglukKE > Joho1PWeN1dRasU+ncZI+EiDtnE8tI114kHrehBBTYjdM0q9zQnYGewycBVQMIrU > /TbxbOdUB8rBM3yIN1JRA6psE+r9jVxg/6sva+qN8gww7eQJFtvVI8oRViHT4sya > dMI162eRDYhN9L2ZZv51UV6LBHTaKybL1WZQRahJw3rFysQQk51DXGPuOiKruzyF > FwcrMVxvyaANGRsr4YpjfKg9sKBxjXbO+AhCX6loY8SUWHufy7nAT8+LGayRirjR > LlDYQqcaMWzxZCPYOLl1VcjkUuGSJQP7th2xXdiHSGwZPj9W31RFsZHp0pQESBkD > /7vB2xDCfrJk2zKbPKa0 > =o6Wu > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Kind regards, Brett
