commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arjan Veenstra (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DAEMON-12) [daemon] java fails to bind on port 80
Date Mon, 26 Mar 2007 15:37:32 GMT

    [ https://issues.apache.org/jira/browse/DAEMON-12?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12484137
] 

Arjan Veenstra commented on DAEMON-12:
--------------------------------------

Isn't this the problem:

#ifdef OS_LINUX
    /* setuid()/setgid() only apply the current thread so we must do it now */
    if (linuxset_user_group(args->user,uid,gid)!=0)
            return(4);
#endif

This bit of code is run (only on linux) before the java vm is even loaded. So the user switch
is allready performed before tomcat attempts to bind to port 80. 

The comment seems to agree with other things i found on this subject, setuid only changes
the uid of the calling thread, so calling it after the JVM is started fails to change the
uid of all threads. This will not only leave you with some threads running as root, but also
break signalling between threads breaking your JVM. So far i haven't seen any solution to
this...

> [daemon] java fails to bind on port 80
> --------------------------------------
>
>                 Key: DAEMON-12
>                 URL: https://issues.apache.org/jira/browse/DAEMON-12
>             Project: Commons Daemon
>          Issue Type: Bug
>         Environment: Operating System: Linux
> Platform: PC
>            Reporter: Ostap Bender
>            Priority: Blocker
>
> Platform is Ubuntu Linux, kernel 2.6.15 amd64 smp on a dual core processor.
> When I start Tomcat with jsvc and the Http connector on port 80 java fails to
> bind on port 80. I added an extra debug statement in set_caps to tell me when
> set_caps is called. In catalina.out I see before java even tries to bind, three
> calls: the first with the value 1216, second with 1024 (CAP_NET_BIND_SERVICE)
> and the last with 0 (downgrade).
> After commenting out set_caps(0) from the jsvc-unix.c Tomcat starts ok.
> What is the reason for the downgrade happening so soon? Is it a race condition
> turned bad by the use of a multiprocessor?
> BTW, the Readme should mention that the module capabilities should be loaded.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message