jakarta-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fergus Gallagher <Fergus.Gallag...@OrbisUK.com>
Subject Re: run tomcat as any user
Date Fri, 03 Mar 2000 11:31:59 GMT
I'm not sure about this, but I believe the Tomcat web-server is only
intended for development use.  

If you run in production through another webserver (Apache, for
example), then you would disable the Tomcat web-server and this wouldn't
be an issue.

Fergus

Jean-Luc Rochat wrote:
> 
> Michael Yuan wrote:
> >
> > Sorry, it did not work. If I do
> >
> > [root]$ sudo -u nobody ./startup.sh
> >
> > It still gives "BindException Permission Denied" as if "nobody" tried to
> > use the 80 port.
> >
> > If I do
> >
> > [nobody]$ sudo -u root ./startup.sh
> >
> > It just run the server as root. But I wanted it to run as "nobody" after
> > it binds to port 80 ...
> >
> > After a little bit of research, I find that maybe I should use "setuid"
> > intead? But setuid is not a command, how can I make it into the start
> > script or anything? Does anyone know how to do it? Thanks a lot!
> >
> > Michael
> >
> no way like this. Apache does open the listening port as root, and dups
> the opened port(s) as stdin for his children who do not have to open it
> again. The connector can't do it this way. Granting extra priviledges to
> the tomcat user could create a security hole.
> 
> Jean-Luc
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: general-help@jakarta.apache.org

-- 
Fergus Gallagher          Tel: +44 (20) 8 987 0717
Orbis                     Fax: +44 (20) 8 742 2649
The Swan Centre           email: Fergus.Gallagher@orbisuk.com
Fishers Lane              Web: http://www.orbisuk.com
London W4 1RX / UK

Mime
View raw message