I'm not sure about this, but I believe the Tomcat web-server is only
intended for development use.
If you run in production through another webserver (Apache, for
example), then you would disable the Tomcat web-server and this wouldn't
be an issue.
Fergus
Jean-Luc Rochat wrote:
>
> Michael Yuan wrote:
> >
> > Sorry, it did not work. If I do
> >
> > [root]$ sudo -u nobody ./startup.sh
> >
> > It still gives "BindException Permission Denied" as if "nobody" tried to
> > use the 80 port.
> >
> > If I do
> >
> > [nobody]$ sudo -u root ./startup.sh
> >
> > It just run the server as root. But I wanted it to run as "nobody" after
> > it binds to port 80 ...
> >
> > After a little bit of research, I find that maybe I should use "setuid"
> > intead? But setuid is not a command, how can I make it into the start
> > script or anything? Does anyone know how to do it? Thanks a lot!
> >
> > Michael
> >
> no way like this. Apache does open the listening port as root, and dups
> the opened port(s) as stdin for his children who do not have to open it
> again. The connector can't do it this way. Granting extra priviledges to
> the tomcat user could create a security hole.
>
> Jean-Luc
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: general-help@jakarta.apache.org
--
Fergus Gallagher Tel: +44 (20) 8 987 0717
Orbis Fax: +44 (20) 8 742 2649
The Swan Centre email: Fergus.Gallagher@orbisuk.com
Fishers Lane Web: http://www.orbisuk.com
London W4 1RX / UK
|