Posted to users@tomcat.apache.org by Joe Tomcat <to...@mobile.mp> on 2002/09/06 07:38:59 UTC

Starting and stopping Tomcat as non-root

I am running Tomcat on port 80 (not using Apache) on Redhat 7.3. 
Obviously, Tomcat needs to be root to listen on port 80.  Therefore, to
start it or stop it, I need to do that as root.  The problem is that I
want to use ant tasks to start and stop it.  I can easily have ant tasks
which execute startup.sh and shutdown.sh, but then I have to run ant,
and therefore do all my development, as root, something which I
definitely do not want to do.

Unfortunately Linux doesn't let me make shell scripts setuid, so how do
I do this?  I realize that setuid scripts are a security hole, but there
are no untrusted users on this machine (I'm the only user) so it doesn't
matter.

Alternatively, is there a way to make Linux so that it lets any user
bind to any port?  This "must be root to bind to low ports" is the most
idiotic "security" measure in all of Unix land and has resulted in more
breakins over the years than any other single thing.  Can I turn it off?

Thanks!




--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


RE: Starting and stopping Tomcat as non-root

Posted by "Sexton, George" <gs...@mhsoftware.com>.
Lately, I have been thinking of writing a JNI library to call setuid() and
setgid() to change the effective user ID and group ID of the process after
it starts.

I'm not sure how this would affect the various startup and shutdown scripts,
but it would be interesting from a security standpoint.


-----Original Message-----
From: Joe Tomcat [mailto:tomcat@mobile.mp]
Sent: 05 September, 2002 11:39 PM
To: Tomcat Users List
Subject: Starting and stopping Tomcat as non-root


I am running Tomcat on port 80 (not using Apache) on Redhat 7.3.
Obviously, Tomcat needs to be root to listen on port 80.  Therefore, to
start it or stop it, I need to do that as root.  The problem is that I
want to use ant tasks to start and stop it.  I can easily have ant tasks
which execute startup.sh and shutdown.sh, but then I have to run ant,
and therefore do all my development, as root, something which I
definitely do not want to do.

Unfortunately Linux doesn't let me make shell scripts setuid, so how do
I do this?  I realize that setuid scripts are a security hole, but there
are no untrusted users on this machine (I'm the only user) so it doesn't
matter.

Alternatively, is there a way to make Linux so that it lets any user
bind to any port?  This "must be root to bind to low ports" is the most
idiotic "security" measure in all of Unix land and has resulted in more
breakins over the years than any other single thing.  Can I turn it off?

Thanks!






RE: Starting and stopping Tomcat as non-root

Posted by Javier Rodriguez <ja...@dgps.mcu.es>.
Try redirecting port 80 to Tomcat's defaults:
http://jetty.mortbay.org/jetty/doc/User80.html

-----Original Message-----
From: Joe Tomcat [mailto:tomcat@mobile.mp]
Sent: Friday, 06 September 2002 7:39
To: Tomcat Users List
Subject: Starting and stopping Tomcat as non-root


I am running Tomcat on port 80 (not using Apache) on Redhat 7.3.
Obviously, Tomcat needs to be root to listen on port 80.  Therefore, to
start it or stop it, I need to do that as root.  The problem is that I
want to use ant tasks to start and stop it.  I can easily have ant tasks
which execute startup.sh and shutdown.sh, but then I have to run ant,
and therefore do all my development, as root, something which I
definitely do not want to do.

Unfortunately Linux doesn't let me make shell scripts setuid, so how do
I do this?  I realize that setuid scripts are a security hole, but there
are no untrusted users on this machine (I'm the only user) so it doesn't
matter.

Alternatively, is there a way to make Linux so that it lets any user
bind to any port?  This "must be root to bind to low ports" is the most
idiotic "security" measure in all of Unix land and has resulted in more
breakins over the years than any other single thing.  Can I turn it off?

Thanks!



