Simplified explanation:
Apache httpd starts as user root. Binds port 80 and than drops privileges =
by setuid("apache") or setuid("nobody").
In java you can't easily drop privileges. So if you start as root in Java =
you can't easily change user. Of course you can call native code to do this=
. And that is called jsvc.
http://commons.apache.org/daemon/jsvc.html
BTW: if you are not root on a server, you cannot bind port 80 with httpd a=
lso.
BTW2: there are all kinds of new ways of assigning privileges in unix sinc=
e a few years which will make it more easy to say 'user x may bind to port =
80'. But I have never seen anybody using it.
Ronald.
Op maandag, 10 oktober 2011 13:50 schreef Darryl Lewis <darryl.lewis@unsw.e=
du.au>:
>=20
> =20
> Something I've always wondered about, but never figured out, is how does
> apache run as 'apache user' or 'nobody' and work on a port below 1024, b=
ut
> Tomcat can't?
> Anyone got a simple explanation?
> =20
> On 10/10/11 9:53 PM, "Mark Thomas" <markt@apache.org> wrote:
> =20
> >On 10/10/2011 09:56, L=C3=A9a Massiot wrote:
> >>
> >> Hello,
> >>
> >> Thank you for reading my post. Here is my question:
> >>
> >> - Presently, to access my WebApp first page, I have to type in the
> >>following
> >> URL in a browser:
> >> http://hostname-or-ip:8080/my-webapp/
> >> - Instead, I wish I could type in a URL such as:
> >> http://my-webapp/
> >> Is it possible?
> >> How?
> >>
> >> And by the way, I don't know what's the name of such an operation. I
> >>used
> >> the expression "URL simplification"...
> >>
> >> Thank you for pointing me in the right direction!
> >
> >There are three parts to this.
> >
> >1. Removing /my-webapp/ from the end of the URL
> > - Deploy your web application as the ROOT web application
> > Read the docs or search the list archives for the various
> > ways of doing this.
> >
> >2. Removing the port (8080) from the URL
> > - Configure your HTTP connector to use port 80 rather than 8080
> > Port 80 is privileged so you'll need to run as root (bad) or use
> > a service wrapper (such as jsvc from Commons Daemon) that binds to
> > port 80 as root and then drops privileges
> > - Use iptables (or equivalent) to map port 8080 to 80
> >
> >3. Replace hostname-or-ip with my-webapp
> > - This will require a DNS entry that resolves my-webapp to the IP
> > address of the machine where Tomcat is running. This is probably
> > already set up for the machines host name. If you don't want to us=
e
> > that, you can:
> > - edit the hosts file on the client (fine for testing)
> > - talk to your network administrator about adding an appropriate
> > DNS entry
> >
> >Mark
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >For additional commands, e-mail: users-help@tomcat.apache.org
> >
> =20
> =20
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> =20
> =20
>=20
>=20
>
|