From: Coty Sutherland
Date: Thu, 21 Dec 2017 15:49:43 -0500
Subject: Re: getting "BindException: permission denied" exception when trying to change port 8080 to 8090
To: Tomcat Users List

On Thu, Dec 21, 2017 at 2:45 PM, Alceu R. de Freitas Jr. wrote:
> Hello Christopher,
> I never saw something like that either. I also searched on Google; all occurrences happened with people trying to run Tomcat on privileged ports (<1024).
> Here is a quick test, with port 9090:
>
> [root@localhost ~]# systemctl stop tomcat
> [root@localhost ~]# rm -f /var/log/tomcat/*
> [root@localhost ~]# vi /etc/tomcat/server.xml
> [root@localhost ~]# grep -A 2 'Connector port="9090"' /etc/tomcat/server.xml
>                connectionTimeout="20000"
>                redirectPort="8443" />
> [root@localhost ~]# systemctl start tomcat
> [root@localhost ~]# systemctl status tomcat
> ● tomcat.service - Apache Tomcat Web Application Container
>    Loaded: loaded (/usr/lib/systemd/system/tomcat.service; disabled; vendor preset: disabled)
>    Active: active (running) since Qui 2017-12-21 17:39:57 -02; 6s ago
>  Main PID: 4385 (java)
>    CGroup: /system.slice/tomcat.service
>            └─4385 /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-da...
>
> Dez 21 17:40:03 localhost.localdomain server[4385]: dez 21, 2017 5:40:03 PM org.apache.catalina.startup.HostConfig deployDirectory
> Dez 21 17:40:03 localhost.localdomain server[4385]: INFORMAÇÕES: Deployment of web application directory /var/lib/tomcat/webapps/manager has finish… in 498 ms
> Dez 21 17:40:03 localhost.localdomain server[4385]: dez 21, 2017 5:40:03 PM org.apache.catalina.startup.HostConfig deployDirectory
> Dez 21 17:40:03 localhost.localdomain server[4385]: INFORMAÇÕES: Deploying web application directory /var/lib/tomcat/webapps/ROOT
> Dez 21 17:40:03 localhost.localdomain server[4385]: dez 21, 2017 5:40:03 PM org.apache.catalina.startup.TldConfig execute
> Dez 21 17:40:03 localhost.localdomain server[4385]: INFORMAÇÕES: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging …tion time.
> Dez 21 17:40:03 localhost.localdomain server[4385]: dez 21, 2017 5:40:03 PM org.apache.catalina.startup.HostConfig deployDirectory
> Dez 21 17:40:03 localhost.localdomain server[4385]: INFORMAÇÕES: Deployment of web application directory /var/lib/tomcat/webapps/ROOT has finished in 534 ms
> Dez 21 17:40:03 localhost.localdomain server[4385]: dez 21, 2017 5:40:03 PM org.apache.catalina.startup.HostConfig deployDirectory
> Dez 21 17:40:03 localhost.localdomain server[4385]: INFORMAÇÕES: Deploying web application directory /var/lib/tomcat/webapps/examples
> Hint: Some lines were ellipsized, use -l to show in full.
> [root@localhost ~]# less /var/log/tomcat/catalina.2017-12-21.log
> GRAVE: Failed to initialize end point associated with ProtocolHandler ["http-bio-9090"]
> java.net.BindException: Permissão negada (Bind failed) :9090
>         at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:413)
>         at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:715)
>         at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:452)
>         at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
>         at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
>         at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>         at org.apache.catalina.core.StandardService.initInternal(StandardService.java:560)
>         at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>         at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:840)
>         at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>         at org.apache.catalina.startup.Catalina.load(Catalina.java:642)
>         at org.apache.catalina.startup.Catalina.load(Catalina.java:667)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:253)
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:427)
> Caused by: java.net.BindException: Permissão negada (Bind failed)
>         at java.net.PlainSocketImpl.socketBind(Native Method)
>         at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:387)
>         at java.net.ServerSocket.bind(ServerSocket.java:375)
>         at java.net.ServerSocket.<init>(ServerSocket.java:237)
>         at java.net.ServerSocket.<init>(ServerSocket.java:181)
>         at org.apache.tomcat.util.net.DefaultServerSocketFactory.createSocket(DefaultServerSocketFactory.java:49)
>         at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400)
>         ... 17 more
> dez 21, 2017 5:40:00 PM org.apache.catalina.core.StandardService initInternal
> GRAVE: Failed to initialize connector [Connector[HTTP/1.1-9090]]
> org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-9090]]
>         at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
>         at org.apache.catalina.core.StandardService.initInternal(StandardService.java:560)
>         at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>         at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:840)
>         at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>         at org.apache.catalina.startup.Catalina.load(Catalina.java:642)
>         at org.apache.catalina.startup.Catalina.load(Catalina.java:667)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:253)
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:427)
> Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
>         at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
>         at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
>         ... 12 more
> Caused by: java.net.BindException: Permissão negada (Bind failed) :9090
>         at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:413)
>         at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:715)
>         at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:452)
>         at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
>         at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
>         ... 13 more
> Caused by: java.net.BindException: Permissão negada (Bind failed)
>         at java.net.PlainSocketImpl.socketBind(Native Method)
>         at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:387)
>         at java.net.ServerSocket.bind(ServerSocket.java:375)

This behavior is due to a fix in the selinux-policy package; see
https://bugzilla.redhat.com/show_bug.cgi?id=1432083 for more details. If
you check /var/log/audit/audit.log you'll see an AVC denial, such as:

type=AVC msg=audit(1513815897.006:136): avc: denied { name_bind } for pid=1467 comm="java" src=8090 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket ...

Previous versions of tomcat were incorrectly labeled unconfined_t and could
do whatever they wanted; that has been addressed and now tomcat is confined
by selinux as it should be :) You can fix the problem by adding the port
you want to allow to the system's HTTP port type, http_port_t:

`semanage port --add -t http_port_t -p tcp 8090`

Cheers,

> [root@localhost ~]# ps aux | grep -i tomcat
> tomcat    4385  3.4 10.8 2306540 110448 ?      Ssl  17:39   0:09 /usr/lib/jvm/jre/bin/java -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat/temp -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
> root      4438  0.0  0.0 112680   988 pts/0    R+   17:44   0:00 grep --color=auto -i tomcat
>
>
>     On Thursday, December 21, 2017 17:34:39 BRST, Christopher Schultz wrote:
>
> I've never seen "BindException: permission denied" when the port
> number is above 1024. Are you sure it's the connector port (e.g. 8090)
> it's complaining about?
>
> When you try your "other applications" test, are you sure you are
> running as the same effective user as the Tomcat process?
>
> -chris
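The audit.log check and `semanage` fix described in the reply, as an added example (not part of the original message and not code from Tomcat or selinux-policy): it collects `name_bind` denials raised by `tomcat_t` and builds the reply's command for ports still labelled `unreserved_port_t`. The sample records, the function names, and the choice to send ports that already carry another label to manual review are assumptions of this example.

```python
import re

# Constructed audit.log sample; the first record mirrors the denial quoted in the reply.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1513815897.006:136): avc:  denied  { name_bind } for  pid=1467 comm="java" src=8090 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1513815899.120:140): avc:  denied  { name_bind } for  pid=1467 comm="java" src=8090 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1513815901.450:151): avc:  denied  { read } for  pid=1502 comm="java" name="app.conf" scontext=system_u:system_r:tomcat_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1513815950.300:163): avc:  denied  { name_bind } for  pid=1620 comm="httpd" src=9443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1513815960.700:170): avc:  denied  { name_bind } for  pid=1467 comm="java" src=5432 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PROTO = {"tcp_socket": "tcp", "udp_socket": "udp"}


def selinux_type(context):
    """SELinux contexts are user:role:type:level; return the type, or "" if malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""


def name_bind_denials(log_text, domain="tomcat_t"):
    """Unique (proto, port, current_port_type) for name_bind denials raised by `domain`."""
    found = set()
    for line in log_text.splitlines():
        m = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if not m or "name_bind" not in m.group("perms").split():
            continue
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
        proto = PROTO.get(f.get("tclass", ""))
        if proto and f.get("src", "").isdigit() and selinux_type(f.get("scontext", "")) == domain:
            found.add((proto, int(f["src"]), selinux_type(f.get("tcontext", ""))))
    return sorted(found)


def proposed_fixes(denials, port_type="http_port_t"):
    """Build the reply's semanage command for unlabelled ports; list the rest for review."""
    commands, review = [], []
    for proto, port, current in denials:
        if current == "unreserved_port_t":
            commands.append(f"semanage port --add -t {port_type} -p {proto} {port}")
        else:
            review.append((proto, port, current))
    return commands, review


if __name__ == "__main__":
    print(proposed_fixes(name_bind_denials(SAMPLE_AUDIT_LOG)))
```

The commands are returned as strings for an administrator to read before running; relabelling a port widens what every domain allowed to bind `http_port_t` can listen on, not only Tomcat.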