tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Schönhaber <mailing-tomcat-u...@schoenhaber.de>
Subject Re: Tomcat as root and security issues
Date Fri, 26 Jan 2007 13:36:51 GMT
Gaurav Kushwaha wrote:

> I read somewhere that if I want to run Tomcat standalone on port 80, I will
> have to run it as root and that this is potentially unsafe.

That's in no way Tomcat-specific. On Unix-like systems an application needs 
root privileges to be able to bind to ports with numbers < 1024.

> Is there any 
> way for me to run it on port 80 without having to give the root privileges
> to the process.

Aside from the techniques others have already mentioned, there's jsvc. It will 
allow Tomcat to bind to privileged ports and drop privileges afterwards. You 
should find the sources in the "bin" directory of your Tomcat distribution. 
More info here:
http://jakarta.apache.org/commons/daemon/
Especially:
http://jakarta.apache.org/commons/daemon/jsvc.html

Regards
  mks

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message