tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: getting "BindException: permission denied" exception when trying to change port 8080 to 8090
Date Fri, 22 Dec 2017 17:58:11 GMT

Coty,

On 12/21/17 3:49 PM, Coty Sutherland wrote:
> On Thu, Dec 21, 2017 at 2:45 PM, Alceu R. de Freitas Jr. 
> <glasswalk3r@yahoo.com.br.invalid> wrote:
>> Hello Christopher, I never saw something like that either. I also
>> searched on Google; all occurrences happened with people trying to
>> run Tomcat on privileged ports (<1024). Here is a quick test,
>> with port 9090:
>> 
>> [root@localhost ~]# systemctl stop tomcat
>> [root@localhost ~]# rm -f /var/log/tomcat/*
>> [root@localhost ~]# vi /etc/tomcat/server.xml
>> [root@localhost ~]# grep -A 2 'Connector port="9090"' /etc/tomcat/server.xml
>> <Connector port="9090" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
>> [root@localhost ~]# systemctl start tomcat
>> [root@localhost ~]# systemctl status tomcat
>> ● tomcat.service - Apache Tomcat Web Application Container
>>    Loaded: loaded (/usr/lib/systemd/system/tomcat.service; disabled; vendor preset: disabled)
>>    Active: active (running) since Qui 2017-12-21 17:39:57 -02; 6s ago
>>  Main PID: 4385 (java)
>>    CGroup: /system.slice/tomcat.service
>>            └─4385 /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-da...
>>
>> Dez 21 17:40:03 localhost.localdomain server[4385]: dez 21, 2017 5:40:03 PM org.apache.catalina.startup.HostConfig deployDirectory
>> Dez 21 17:40:03 localhost.localdomain server[4385]: INFORMAÇÕES: Deployment of web application directory /var/lib/tomcat/webapps/manager has finish… in 498 ms
>> Dez 21 17:40:03 localhost.localdomain server[4385]: dez 21, 2017 5:40:03 PM org.apache.catalina.startup.HostConfig deployDirectory
>> Dez 21 17:40:03 localhost.localdomain server[4385]: INFORMAÇÕES: Deploying web application directory /var/lib/tomcat/webapps/ROOT
>> Dez 21 17:40:03 localhost.localdomain server[4385]: dez 21, 2017 5:40:03 PM org.apache.catalina.startup.TldConfig execute
>> Dez 21 17:40:03 localhost.localdomain server[4385]: INFORMAÇÕES: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging …tion time.
>> Dez 21 17:40:03 localhost.localdomain server[4385]: dez 21, 2017 5:40:03 PM org.apache.catalina.startup.HostConfig deployDirectory
>> Dez 21 17:40:03 localhost.localdomain server[4385]: INFORMAÇÕES: Deployment of web application directory /var/lib/tomcat/webapps/ROOT has finished in 534 ms
>> Dez 21 17:40:03 localhost.localdomain server[4385]: dez 21, 2017 5:40:03 PM org.apache.catalina.startup.HostConfig deployDirectory
>> Dez 21 17:40:03 localhost.localdomain server[4385]: INFORMAÇÕES: Deploying web application directory /var/lib/tomcat/webapps/examples
>> Hint: Some lines were ellipsized, use -l to show in full.
>> [root@localhost ~]# less /var/log/tomcat/catalina.2017-12-21.log
>> GRAVE: Failed to initialize end point associated with ProtocolHandler ["http-bio-9090"]
>> java.net.BindException: Permissão negada (Bind failed) <null>:9090
>>     at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:413)
>>     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:715)
>>     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:452)
>>     at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
>>     at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
>>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>>     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:560)
>>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>>     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:840)
>>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:642)
>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:667)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:498)
>>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:253)
>>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:427)
>> Caused by: java.net.BindException: Permissão negada (Bind failed)
>>     at java.net.PlainSocketImpl.socketBind(Native Method)
>>     at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:387)
>>     at java.net.ServerSocket.bind(ServerSocket.java:375)
>>     at java.net.ServerSocket.<init>(ServerSocket.java:237)
>>     at java.net.ServerSocket.<init>(ServerSocket.java:181)
>>     at org.apache.tomcat.util.net.DefaultServerSocketFactory.createSocket(DefaultServerSocketFactory.java:49)
>>     at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400)
>>     ... 17 more
>> dez 21, 2017 5:40:00 PM org.apache.catalina.core.StandardService initInternal
>> GRAVE: Failed to initialize connector [Connector[HTTP/1.1-9090]]
>> org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-9090]]
>>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
>>     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:560)
>>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>>     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:840)
>>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:642)
>>     at org.apache.catalina.startup.Catalina.load(Catalina.java:667)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:498)
>>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:253)
>>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:427)
>> Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
>>     at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
>>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>>     ... 12 more
>> Caused by: java.net.BindException: Permissão negada (Bind failed) <null>:9090
>>     at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:413)
>>     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:715)
>>     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:452)
>>     at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
>>     at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
>>     ... 13 more
>> Caused by: java.net.BindException: Permissão negada (Bind failed)
>>     at java.net.PlainSocketImpl.socketBind(Native Method)
>>     at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:387)
>>     at java.net.ServerSocket.bind(ServerSocket.java:375)
> 
> This behavior is due to a fix in the selinux-policy package; see 
> https://bugzilla.redhat.com/show_bug.cgi?id=1432083 for more
> details. If you check /var/log/audit/audit.log you'll see an AVC
> denial, such as:
> 
> type=AVC msg=audit(1513815897.006:136): avc:  denied  { name_bind } for  pid=1467 comm="java" src=8090 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
> ...
> 
> Previous versions of tomcat were incorrectly labeled unconfined_t and
> could do whatever they wanted; that has been addressed and now tomcat
> is confined by selinux as it should be :)
> 
> You can fix the problem by adding the port you want to allow to
> the system's HTTP port type, http_port_t:
> `semanage port --add -t http_port_t -p tcp 8090`

This is exactly like what I was expecting to be the solution, here.

OP didn't mention SELinux, but I was thinking that this looked a lot
like what might happen if authbind wasn't configured properly... but
for non-privileged ports.

-chris
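
Added example, not part of the original message or of the Tomcat project: a POSIX shell filter that picks name_bind denials out of audit.log-style records and, for the tomcat_t domain only, prints the semanage command given in the thread. The function names and the two extra sample records are constructed for illustration; on a real host the input would be /var/log/audit/audit.log.

```shell
#!/bin/sh
# Added example (not from the thread): find SELinux name_bind denials.

# Sample input: the first record is the AVC denial quoted in the thread;
# the other two are constructed to show what the filter skips.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1513815897.006:136): avc:  denied  { name_bind } for  pid=1467 comm="java" src=8090 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1513815899.100:140): avc:  denied  { name_connect } for  pid=1467 comm="java" dest=5432 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1513815897.006:136): arch=c000003e syscall=49 success=no exit=-13 comm="java"
EOF
}

# Print "comm port proto source_type target_type" once per distinct denial.
bind_denials() {
  awk '
    $1 == "type=AVC" && index($0, "denied") && index($0, " name_bind ") {
      comm = port = src = tgt = proto = ""
      for (i = 1; i <= NF; i++) {
        if (split($i, kv, "=") < 2) continue
        if (kv[1] == "comm")     { comm = kv[2]; gsub(/"/, "", comm) }
        if (kv[1] == "src")      port = kv[2]
        if (kv[1] == "scontext") { split(kv[2], c, ":"); src = c[3] }
        if (kv[1] == "tcontext") { split(kv[2], c, ":"); tgt = c[3] }
        if (kv[1] == "tclass")   { proto = kv[2]; sub(/_socket$/, "", proto) }
      }
      if (port != "") print comm, port, proto, src, tgt
    }' | sort -u
}

# For denials in the tomcat_t domain, print (never run) the fix from the
# thread. Other domains are skipped: http_port_t is not the right type for them.
suggest_tomcat_fix() {
  bind_denials | while read -r comm port proto src tgt; do
    [ "$src" = "tomcat_t" ] || continue
    case "$proto" in tcp|udp) ;; *) continue ;; esac
    echo "semanage port --add -t http_port_t -p $proto $port"
  done
}

sample_audit_log | suggest_tomcat_fix
```

Each port added to http_port_t becomes bindable by every domain allowed to bind that type, so the printed commands are meant to be reviewed before being run.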
