From: Alan Chaney
Date: Fri, 22 Feb 2008 12:57:22 -0800
To: Tomcat Users List
Subject: Re: Apache2 adn/or Tomcat6?

Or as I mentioned in a recent email, you can run something like jsvc and
set the user to 'tomcat' which allows you to bind to the port and then
changes the user.

Regards

Alan

Mark H. Wood wrote:
> I must've missed the place in the documentation where it explains how
> to get Tomcat to start as root, then drop privileges after opening
> listening sockets on low-numbered ports that are only accessible by
> root, like Apache HTTPD does.
>
> On most Unix-alikes, you have to choose:
>
> o tell people to use port 8080 or whatever nonprivileged port you
>   configured;
>
> o use a packet-mangling firewall rule to remap port 80 to port 8080
>   or whatever;
>
> o place a proxy (such as Apache HTTPD) in front of Tomcat to forward
>   port 80 traffic;
>
> o run Tomcat as root, allowing buggy app.s to make arbitrary changes
>   anywhere on your server.
>
> If I ever have time to do something about that, I'll be sure to submit
> a patch.