Posted to users@tomcat.apache.org by Gaurav Kushwaha <ga...@gmail.com> on 2007/01/26 12:25:54 UTC

Tomcat as root and security issues

I read somewhere that if I want to run Tomcat standalone on port 80, I will
have to run it as root and that this is potentially unsafe. Is there any way
for me to run it on port 80 without having to give the root privileges to
the process.

Thanks,

Gaurav Singh Kushwaha
http://www.chakpak.com

Ph: +91-9880101496
Bangalore, India.

Re: Tomcat as root and security issues

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Gaurav,

Also look at "jsvc", which will allow you to run Tomcat as non-root and
still use port 80.

-chris

Mikolaj Rydzewski wrote:
> Gaurav Kushwaha wrote:
>> I read somewhere that if I want to run Tomcat standalone on port 80, I will
>> have to run it as root and that this is potentially unsafe. Is there any way
>> for me to run it on port 80 without having to give the root privileges to
>> the process.
> Use apache (+ mod_jk or mod_proxy_ajp) as a frontend.
> Use squid reverse proxy as a frontend.
> Use port forwarding.
> Other solutions are possible also.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Tomcat as root and security issues

Posted by Gaurav Kushwaha <ga...@gmail.com>.
Thanks,
    I will read about these.

Gaurav Singh Kushwaha
http://www.chakpak.com

Ph: +91-9880101496
Bangalore, India.

On 1/26/07, Mikolaj Rydzewski <mi...@ceti.pl> wrote:
>
> Gaurav Kushwaha wrote:
> > I read somewhere that if I want to run Tomcat standalone on port 80, I will
> > have to run it as root and that this is potentially unsafe. Is there any way
> > for me to run it on port 80 without having to give the root privileges to
> > the process.
> Use apache (+ mod_jk or mod_proxy_ajp) as a frontend.
> Use squid reverse proxy as a frontend.
> Use port forwarding.
> Other solutions are possible also.
>
> --
> Mikolaj Rydzewski <mi...@ceti.pl>

Re: Tomcat as root and security issues

Posted by Mikolaj Rydzewski <mi...@ceti.pl>.
Gaurav Kushwaha wrote:
> I read somewhere that if I want to run Tomcat standalone on port 80, I will
> have to run it as root and that this is potentially unsafe. Is there any way
> for me to run it on port 80 without having to give the root privileges to
> the process.
Use apache (+ mod_jk or mod_proxy_ajp) as a frontend.
Use squid reverse proxy as a frontend.
Use port forwarding.
Other solutions are possible also.

-- 
Mikolaj Rydzewski <mi...@ceti.pl>


Re: Tomcat as root and security issues

Posted by Markus Schönhaber <ma...@schoenhaber.de>.
Gaurav Kushwaha wrote:

> I read somewhere that if I want to run Tomcat standalone on port 80, I will
> have to run it as root and that this is potentially unsafe.

That's in no way Tomcat-specific. On Unix-like systems an application needs 
root privileges to be able to bind to ports with numbers < 1024.

> Is there any 
> way for me to run it on port 80 without having to give the root privileges
> to the process.

Aside from the techniques others have already mentioned, there's jsvc. It will 
allow Tomcat to bind to privileged ports and drop privileges afterwards. You 
should find the sources in the "bin" directory of your Tomcat distribution. 
More info here:
http://jakarta.apache.org/commons/daemon/
Especially:
http://jakarta.apache.org/commons/daemon/jsvc.html

Regards
  mks
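
The bind-then-drop sequence described in the reply above, as an added example that is not part of the thread and is not jsvc's source: a minimal C listener that binds its port while still root, then switches to an unprivileged uid/gid and checks that root cannot be regained. The function names and the command-line arguments (PORT UID GID) are assumptions made for this example.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind and listen on a TCP port; ports below 1024 normally require root. */
int bind_listener(unsigned short port) {
    struct sockaddr_in a = {0};
    int on = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Port actually bound (differs from the request when port 0 was asked for). */
int bound_port(int fd) {
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    if (getsockname(fd, (struct sockaddr *)&a, &len) < 0) return -1;
    return ntohs(a.sin_port);
}

/* Returns 0 after an irreversible drop, 1 if not root (nothing to drop), -1 on error. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() != 0) return 1;
    /* Order matters: supplementary groups and gid first, uid last. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* Fail closed if root can be regained (this also rejects uid 0 as a target). */
    return (setuid(0) == 0 || geteuid() == 0) ? -1 : 0;
}

int main(int argc, char **argv) {
    if (argc != 4) return 2;
    int fd = bind_listener((unsigned short)atoi(argv[1]));
    if (fd < 0 || drop_privileges((uid_t)atoi(argv[2]), (gid_t)atoi(argv[3])) < 0) return 1;
    printf("listening on port %d as uid %d\n", bound_port(fd), (int)getuid());
    return 0;
}
```

The socket stays usable after the drop because the privilege check happens at bind time, not on each accept.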
