tomcat-users mailing list archives

From Vincent Aumont <vincent.aum...@vsl.ca>
Subject Re: Opinions
Date Fri, 31 Oct 2003 08:13:59 GMT
François,


>Oh, and last but not least, I didn't find a privilege separation method in tomcat (like
>in apache or ssh or postfix, or...). Perhaps I am wrong, but, if you want tomcat to run in
>an unprivileged environment, you have to make it bind to a public port (say 8080). I use iptables
>to redirect connections from 80 to 8080:
>  
>
No, you're right.  You can make Apache listen on port 80 while running 
as root because it'll change the process' ownership when it opens a new 
connection. There is no portable way of doing this in Java; therefore, 
you have to run Tomcat as root if you want to make it listen on port 80. 
Of course, that's a major security hole.
I always front-end TC with Apache and use mod_proxy to achieve what 
you're doing with iptables.

-Vincent.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
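
Added example, not part of the message above and not taken from the Tomcat or Apache projects: a minimal httpd reverse-proxy configuration for the mod_proxy front-end the reply describes, with Tomcat left on port 8080 under a non-root account. The account name, host name, module paths and the loopback-only Tomcat connector are assumptions.

```apache
# httpd is started as root so the parent process can bind port 80; the
# children that handle requests run as the unprivileged account below.
# Assumption: an account and group named "apache" exist on the host.
User apache
Group apache
Listen 80

# Module paths are the conventional ones and may differ per distribution.
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

<VirtualHost *:80>
    # Constructed host name.
    ServerName www.example.com

    # Reverse proxy only: forward proxying stays off so the server
    # cannot be used as an open proxy.
    ProxyRequests Off

    # Pass the client's Host header through to Tomcat.
    ProxyPreserveHost On

    # Tomcat runs under its own non-root account and listens on 8080.
    # Assumption: its HTTP connector is bound to 127.0.0.1, so port 8080
    # is reachable only through this front-end.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```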

