tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Smith <d...@cornell.edu>
Subject Re: Tomcat as root and security issues
Date Fri, 26 Jan 2007 13:38:03 GMT
Or the commons daemon project's jsvc which can launch as root long
enough to grab port 80 and then shift to an unprivileged user for normal
runtime operations.

--David

Peter Crowther wrote:

>>From: Gaurav Kushwaha [mailto:gaurav.kushwaha@gmail.com] 
>>I read somewhere that if I want to run Tomcat standalone on 
>>port 80, I will
>>have to run it as root and that this is potentially unsafe. 
>>    
>>
>
>True on UNIX, false on Windows.
>
>  
>
>>Is there any way
>>for me to run it on port 80 without having to give the root 
>>privileges to the process.
>>    
>>
>
>The simplest I've found on most UNIXes is to use the firewall's
>facilities to forward port 80/tcp to 8080/tcp.  Set Tomcat up on 8080,
>and incoming requests will arrive at Tomcat's port.
>
>If you do this, be aware that any code in Tomcat that writes URLs may do
>the wrong thing unless you include the proxyPort attribute in your HTTP
>connector config in server.xml:
>
>	<Connector port="8080" proxyPort="80" .../>
>
>Hope this helps.
>
>		- Peter
>
>---------------------------------------------------------------------
>To start a new topic, e-mail: users@tomcat.apache.org
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>
>  
>


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message