tomcat-users mailing list archives

From: Kitching Simon <Simon.Kitch...@orange.ch>
Subject: RE: Running Tomcat as non-root user
Date: Tue, 16 Jan 2001 09:57:05 GMT

Hi Geoff,

As far as I know (and I did a fair bit of research on this
topic), there is no way for any Java app to start as one
user, then switch to running as another user.

What I do is run Tomcat on port 8080 as non-root, and
use a firewall product to redirect port 80 -> 8080. This
works fine.

I can't give you great details, as the firewall stuff was
set up by a sysadmin (which I am not), but we use
Solaris and I think the firewall is "ifconfig". I guess
that Linux's ipchains or ipfilter or whatever can do the
same job.

Regards,

Simon

> -----Original Message-----
> From: Geoff Lane [SMTP:glane@inclusion.net]
> Sent: Monday, January 15, 2001 11:46 PM
> To: tomcat-user@jakarta.apache.org
> Subject: Running Tomcat as non-root user
> 
> In the Tomcat UG under the heading 'Modify and Customize the Batch
> Files' it says one of the reasons to do so (modify start up scripts)
> would be: "To switch user from root to some other user using the "su"
> UNIX command."
> 
> This is an excellent idea from a security standpoint. But to bind to
> port 80 (instead of the default high port 8080) root is needed. The way many
> applications do this (Apache for example) is to initially run as root,
> bind to port 80, and then drop root privileges. Is something like this
> possible with Tomcat running standalone? Running concurrently with
> Apache would accomplish this because the AJP connection could be run as
> any user since it's on a high port.
> 
> Thanks.
> 
> -- 
> Geoff Lane <glane@inclusion.net>
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, email: tomcat-user-help@jakarta.apache.org
