tomcat-dev mailing list archives

From David Brownell <davi...@pacbell.net>
Subject Re: Feature: port 80
Date Thu, 11 Nov 1999 09:27:36 GMT
Jason Hunter wrote:
> 
> One feature I haven't seen mentioned oddly enough is the ability for
> Tomcat standalone to listen on port 80 under Unix as a non-root user.
> JWS did this using native code to change the user id after attaching to
> the socket.  What's the feeling out there of providing that native code
> to Tomcat for standalone use?

That's where a split personality comes in handy:

	- Using Linux KHTTPD feeding nonstatic requests to tomcat ...
	  no need for it, port 80 is KHTTPD, tomcat uses some other one.

	- But maybe I don't want to run two servers ... highly desirable
	  as an option.

I'm not sure the JWS code was quite the right model; as I recall it
could change _back_ to root (administrative restart) which isn't the
most secure way to go.  In principle, I'd like the option; but in a
"no servlet component can _possibly_ grab root privs" mode.  Also,
it should be a general purpose class, not specific to jakarta code.

Yes, there's a slot for switching UID in my tomcat startup script,
but filling it in hasn't gotten to my priority list yet.

I'd have to check, but I seem to recall another issue in that area.
It was along the lines of needing to be able to switch the port and
docroot on the command line, without munging "server.xml".  If KHTTPD
isn't available (wrong kernel or somesuch) then tomcat needs to switch
over and use a different port.  A few weeks ago, I seem to recall that
I believed port switching (and associated UID switch issue) didn't seem
like it could be done without changing "server.xml" ... undesirable.

- Dave
