-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Brett,
On 1/16/14, 5:44 PM, Brett Delle Grazie wrote: > Christopher, > > On 16 January 2014 22:28, Christopher Schultz > <ch...@christopherschultz.net>wrote: > > Brett, > > On 1/15/14, 7:41 PM, Brett Delle Grazie wrote: >>>> On 15 January 2014 16:53, Mubeen Shah <mubeens...@gmail.com> >>>> wrote: >>>> >>>>> Hello, >>>>> >>>>> I am trying to configure tomcat 7 on ubuntu machine and >>>>> wanted to run it as non-root on port 80, Here is what I did >>>>> so far: >>>>> >>>>> OS (Ubuntu 12.04 LTS): >>>>> >>>>> - installed oracle JDK 1.7.0_45 using "apt-get" - >>>>> downloaded and extracted tomcat 7.0.50 (.gz format) - >>>>> created ubuntu user 'tomcat' and granted 'chown -R >>>>> CATALINA_HOME' to this user - changed tomcat default port >>>>> to 80 in server.xml - installed and configured authbind >>>>> tool - created sh script "/etc/init.d/tomcat7" to start >>>>> tomcat as tomcat user. >>>>> >>>> >>>> What was in this script? >>>> >>>> >>>>> - tomcat 7 was working as expected on 80 port as non-root >>>>> user. >>>>> >>>> >>>> That is surprising, see further below. > > [snip] > >>>> Linux will not allow anything but root to bind on ports < >>>> 1024. Usually the process starts as root, binds to the port >>>> and then drops it's privileges back to the desired user. > > Note that the OP is using authbind (or at least attempting to do > so). > > >> Yes I missed that in the original message, thank you for pointing >> it out. > > > >>>> You'll need to use jsvc to start Tomcat and drop privileges. > > Um... authbind? > > >> Noted. > > > > Perhaps authbind doesn't work with Java and/or Tomcat/APR but this > is precisely what authbind was designed to do. > > >> The OP looks like they've locally compiled APR. I wonder if >> that's the root cause. Possibly. I seem to recall someone complaining about tcnative not working properly with a new APR version (but I think it was 2.0, not 1.5). It's possible that libapr 1.5.0 has some incompatibility or something. It's also possible that authbind (I've never used it) requires some configuration specifically against the libapr/libtcnative/etc. and not just against Java itself. That might explain why the BIO connector works on port 80 but not APR. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS2GInAAoJEBzwKT+lPKRYIkMP/R90tuLvVLjHFXK9Am/+6P9Z NjCyH5eT0FN5y6yoJdwQSaw7Tj8Z0pU806ATcWnjyU+YSUiHZIt6nFt+C+dB3+NE dLzNybNEiZkIl/1Z05zwpG77M3/pgFz5xh2z5jolMOQe1RED8+ga6rH6t433AztL tjSW4GcrzlhM3Ml/NgteDeQr30CCwQaeFA+m6WVJwgM5BE9LG7pK4DXOgN5abWLq 5zKGVy/YrdPMCuALZsAVr8o6bzUDoUPYwmVcn0ti81qentyiq418mtmTYkRYIWzW UqVznlL499wws1tCoRktbYW7jssg6H8OAqC11Wrb6f0LOAY/kFoQPxzM9y5YyEZ3 w35so9GWagbTJM1DuHMbvRpPye5mZHZOIxt+h+Xk+U+S2PAVXJFfMVXIZX04BPmR DceAyIPDng0IHUoLgdYNesTZqPmzF73th+AaYR+JvY15dIjuG14g53DJ7vbu7lwG meXaYL4AvbQt6hX4y5FbABGfnpJI7KlUVLOH9c06c7tNm6yD3KqAJwzBzGMzLOKG Cm2x+5IkRzFC4IzzacCnLYz/2z0m8Sx6yW/l8Ve2NILXcr8f1MRIKT+rbLeQZc43 kODxkDQnoOfo44vAVAM8yKYbMVQSccTqzlux9kNVqz0blHU0fNHYzQURTW9EL59r bRYMgAPCny2YB8a4lHNi =h6au -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
