tomcat-users mailing list archives

From Vincent Aumont <>
Subject Re: Opinions
Date Fri, 31 Oct 2003 08:13:59 GMT

>Oh, and last but not least, I didn't find a privilege separation method in tomcat (like
>in apache or ssh or postfix, or...). Perhaps I am wrong, but, if you want tomcat to run in
>an unprivileged environment, you have to make it bind to a public port (say 8080). I use iptables
>to redirect connections from 80 to 8080:
No, you're right.  You can make Apache listen on port 80 while running 
as root because it'll change the process' ownership when it opens a new 
connection. There is no portable way of doing this in Java; therefore, 
you have to run Tomcat as root if you want to make it listen on port 80. 
Of course, that's a major security hole.
I always front-end TC with Apache and use mod_proxy to achieve what 
you're doing with iptables.


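The mod_proxy front-end mentioned in the reply above, as an added example that is not part of the original message or the Tomcat project's documentation. The host name, the `apache` account and the loopback-only Tomcat connector are assumptions made for illustration.

```apache
# Added example (constructed): Apache httpd owns port 80, Tomcat stays on an
# unprivileged port and never needs root.
# Assumptions: Tomcat runs as its own unprivileged account and its HTTP
# <Connector> in server.xml has port="8080" address="127.0.0.1", so the
# backend is reachable only through this proxy. www.example.com and the
# "apache" account are placeholders.

LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# The httpd parent starts as root to bind port 80; the children that
# handle requests run as this unprivileged user and group.
User  apache
Group apache

Listen 80

<VirtualHost *:80>
    ServerName www.example.com

    # Reverse proxy only. Leaving forward proxying on would turn the
    # server into an open proxy.
    ProxyRequests Off

    # Pass the client's Host header through so Tomcat's virtual hosts and
    # generated URLs match the public name.
    ProxyPreserveHost On

    # Forward everything to the local Tomcat connector, and rewrite
    # Location headers on redirects that still point at the backend
    # address so clients never see port 8080.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

With this in place, a connection to port 8080 from any other host should be refused; if it succeeds, the connector is not bound to loopback and clients can bypass the proxy.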