tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brett Delle Grazie <brett.dellegra...@gmail.com>
Subject Re: tomcat 7 with APR connector on ubuntu
Date Thu, 16 Jan 2014 22:44:59 GMT
Christopher,

On 16 January 2014 22:28, Christopher Schultz
<chris@christopherschultz.net>wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Brett,
>
> On 1/15/14, 7:41 PM, Brett Delle Grazie wrote:
> > On 15 January 2014 16:53, Mubeen Shah <mubeenshah@gmail.com>
> > wrote:
> >
> >> Hello,
> >>
> >> I am trying to configure tomcat 7 on ubuntu machine and wanted to
> >> run it as non-root on port 80, Here is what I did so far:
> >>
> >> OS (Ubuntu 12.04 LTS):
> >>
> >> - installed oracle JDK 1.7.0_45 using "apt-get" - downloaded and
> >> extracted tomcat 7.0.50 (.gz format) - created ubuntu user
> >> 'tomcat' and granted 'chown -R CATALINA_HOME' to this user -
> >> changed tomcat default port to 80 in server.xml - installed and
> >> configured authbind tool - created sh script
> >> "/etc/init.d/tomcat7" to start tomcat as tomcat user.
> >>
> >
> > What was in this script?
> >
> >
> >> - tomcat 7 was working as expected on 80 port as non-root user.
> >>
> >
> > That is surprising, see further below.
>
> [snip]
>
> > Linux will not allow anything but root to bind on ports < 1024.
> > Usually the process starts as root, binds to the port and then
> > drops it's privileges back to the desired user.
>
> Note that the OP is using authbind (or at least attempting to do so).
>

Yes I missed that in the original message, thank you for pointing it out.


>
> > You'll need to use jsvc to start Tomcat and drop privileges.
>
> Um... authbind?


Noted.


>
> Perhaps authbind doesn't work with Java and/or Tomcat/APR but this is
> precisely what authbind was designed to do.
>

The OP looks like they've locally compiled APR. I wonder if that's the root
cause.


> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJS2F0JAAoJEBzwKT+lPKRYuVsQALp+Hbtc/SjgszPUeTgc9aJ7
> 0UEg4S3cHqozrXVgn45V+zAXYqsCfzoge0nS9VK4ar/RJiF0mVMLG3TUm6+0fget
> l7O1YDZU+VgNEBd/ci/25BmZwZIJ4e9d53N24mJ2Et7FuWuhFOK8FrtcfFmyZPRa
> j0xndOJCNg7Yeub6kYLRWDXIuLdRkzwWMtqGnQ4kb15pyM1TdMiaL4BvYDfECjC8
> uwwU0jipJE+2JPTqwzn+MgUolcVEmJRoL0MfGyMT1kE4smLXFOGPuDFL7cmJtikx
> Elmr7BvTMc9POY4BzXEkVwCfHcA+dqKJNzeELfJffzVD2qKvM2m3Ivp4vZglukKE
> Joho1PWeN1dRasU+ncZI+EiDtnE8tI114kHrehBBTYjdM0q9zQnYGewycBVQMIrU
> /TbxbOdUB8rBM3yIN1JRA6psE+r9jVxg/6sva+qN8gww7eQJFtvVI8oRViHT4sya
> dMI162eRDYhN9L2ZZv51UV6LBHTaKybL1WZQRahJw3rFysQQk51DXGPuOiKruzyF
> FwcrMVxvyaANGRsr4YpjfKg9sKBxjXbO+AhCX6loY8SUWHufy7nAT8+LGayRirjR
> LlDYQqcaMWzxZCPYOLl1VcjkUuGSJQP7th2xXdiHSGwZPj9W31RFsZHp0pQESBkD
> /7vB2xDCfrJk2zKbPKa0
> =o6Wu
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
-- 
Kind regards,

Brett

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message