commons-user mailing list archives

From "Srijith Kochunni" <ksrij...@novell.com>
Subject Re: Fwd: java.net.bind exception with ports < 1024.
Date Wed, 17 Dec 2008 03:43:23 GMT

Hi, 

         Since I am running as root user, I am thinking that instead of just commenting that
out, I think the code should check whether a root user is running the process and then provide
appropriate privileges. Please let me know if I am asking this in the wrong forum or list,
because I don't seem to be getting any responses.

Thanks, 
Srijith.

>>> "Srijith Kochunni" <ksrijith@novell.com> 12/16/2008 5:45 PM >>>

Hi All,

           I was able to get past this problem, but this required me to modify jsvc source
code and recompile and build. The problem is that in native/jsvc-unix.c before starting the
service, the capability CAP_NET_BIND_SERVICE is being disabled for the controlled process,
due to which my process is not able to bind to privileged ports 0 to 1024. To quote from the
code,

        #ifdef OS_LINUX
        if (set_caps(0)!=0) {
            log_debug("set_caps (0) failed");
            return(4);
        }
        #else

       I had to comment out this part and rebuild jsvc in order to ensure that my process
is able to bind to privileged ports. I was wondering if there is any runtime option for jsvc
to allow binding to privileged ports, but could not find any. As part of our project, we run
our daemon with root user privileges and also need to be flexible to allow the user to
specify any ports he wishes to. Since the project is newly supporting Linux platforms, it is
turning out to be a blocker. We are left with the option of repackaging jsvc with the change.
Please let me know if anyone on the list is aware of any other option. It would also
be beneficial if I could know what the security issues are with making this change.

Thanks,
Srijith.


>>> Srijith Kochunni 12/10/2008 7:16 PM >>>

Hi All,


          I am using jsvc to daemonize my java application, which runs on a Linux box. I get
an error java.net.BindException: Permission denied. I get this only for ports < 1024 and
I understand that on Linux, to bind to any ports which are below 1024, you require root permission.
Therefore I am launching my application as root. However I still am not able to get the privileges
required. My JSVC arguments are as follows.


   jsvc.exec -debug -Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8008
-jvm server -user root -home $JAVA_HOME
  -outfile /var/opt/myfile.out -pidfile /var/run/myfile.pid -errfile '&1'  


          I am launching as root user and also in jsvc arguments I have specified "-user root",
but am at a loss as to why I am still getting this exception, when I launch my jetty server.
When I tried to launch it normally outside jsvc, it works fine. I have searched on the net,
and also came across this message thread http://markmail.org/message/3mw6r2dievxvviu3#query:jsvc%20java.net.BindException%3A%20Permission%20denied+page:1+mid:j2w4dpzp4aaypun6+state:results
where it was suggested that some system call had been modified and it worked thereafter, but
did not find the details. 


         Have run strace, but could not find any errors.
On starting in debug mode,  I see the following messages,
10/12/2008 18:55:30 6349 jsvc debug: user changed to 'root'
10/12/2008 18:55:30 6348 jsvc debug: User 'root' validated
and I also don't see any errors.


      Any help / suggestions in this regard would be greatly appreciated.


Thanks,
Srijith.

