You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by NetSQL <ma...@friendVU.com> on 2005/04/04 22:15:21 UTC
non-root on 80
apache drops to non root after bind to 80.
How can this be done w/ tc 5.5?
.V
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: non-root on 80
Posted by Jeff Duska <je...@duska.com>.
I'm using the jsvc in the commons-daemon with a Tomcat user. Other than
not having to deal with the jsvc, is there a reason to pick this over jsvc?
Thanks,
Jeff Duska
John Lianogou wrote:
> I had to set up a solution using IP tables on my redhat box. First some
> background as to why I solved it this way:
>
> You can't run anything directly on port 80 without that process being
> executed as the root user... which -- for a variety of reasons I'm sure
> you needn't hear me go into -- is a Really Bad Idea. ;-)
>
> What you want to do in this case is to reroute port 80 traffic to a port
> that tomcat can bind to when executed as a "normal" user.
>
> Here's what I did to accomplish this (hopefully you've got iptables on
> your box, as well... tho the path of this script may be different on yr
> system... so check into both matters if this doesn't work for you):
>
> /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT
> --to-port 8080
>
> You'll need root permissions to do this, tho.
>
>
>
> Hope that helps,
>
> jL
>
> On Apr 4, 2005, at 5:58 PM, NetSQL wrote:
>
>> I read that it has a stop method... but how do I get it to run at port
>> 80 ?
>>
>> .V
>>
>> David Smith wrote:
>>
>>> Look at jsvc in the commons-daemon project on jakarta.apache.org/commons
>>> --David
>>> NetSQL wrote:
>>>
>>>> apache drops to non root after bind to 80.
>>>> How can this be done w/ tc 5.5?
>>>> .V
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: non-root on 80
Posted by John Lianogou <li...@arachnedesign.net>.
I had to set up a solution using IP tables on my redhat box. First some
background as to why I solved it this way:
You can't run anything directly on port 80 without that process being
executed as the root user... which -- for a variety of reasons I'm sure
you needn't hear me go into -- is a Really Bad Idea. ;-)
What you want to do in this case is to reroute port 80 traffic to a
port that tomcat can bind to when executed as a "normal" user.
Here's what I did to accomplish this (hopefully you've got iptables on
your box, as well... tho the path of this script may be different on yr
system... so check into both matters if this doesn't work for you):
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT
--to-port 8080
You'll need root permissions to do this, tho.
Hope that helps,
jL
On Apr 4, 2005, at 5:58 PM, NetSQL wrote:
> I read that it has a stop method... but how do I get it to run at port
> 80 ?
>
> .V
>
> David Smith wrote:
>> Look at jsvc in the commons-daemon project on
>> jakarta.apache.org/commons
>> --David
>> NetSQL wrote:
>>> apache drops to non root after bind to 80.
>>> How can this be done w/ tc 5.5?
>>> .V
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: non-root on 80
Posted by David Smith <dn...@cornell.edu>.
Just configure your Tomcat to use port 80 in the <Connector> element of
your server.xml and then use jsvc to start it.
--David
NetSQL wrote:
> I read that it has a stop method... but how do I get it to run at port
> 80 ?
>
> .V
>
> David Smith wrote:
>
>> Look at jsvc in the commons-daemon project on jakarta.apache.org/commons
>>
>> --David
>>
>> NetSQL wrote:
>>
>>> apache drops to non root after bind to 80.
>>> How can this be done w/ tc 5.5?
>>> .V
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: non-root on 80
Posted by NetSQL <ma...@friendVU.com>.
I read that it has a stop method... but how do I get it to run at port 80 ?
.V
David Smith wrote:
> Look at jsvc in the commons-daemon project on jakarta.apache.org/commons
>
> --David
>
> NetSQL wrote:
>
>> apache drops to non root after bind to 80.
>> How can this be done w/ tc 5.5?
>> .V
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: non-root on 80
Posted by David Smith <dn...@cornell.edu>.
Look at jsvc in the commons-daemon project on jakarta.apache.org/commons
--David
NetSQL wrote:
> apache drops to non root after bind to 80.
> How can this be done w/ tc 5.5?
> .V
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: non-root on 80
Posted by George Sexton <gs...@mhsoftware.com>.
In Linux, the workaround is to run on port 8080, and then write an IPTables
rule to forward port 80 to 8080.
George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
> -----Original Message-----
> From: news [mailto:news@sea.gmane.org] On Behalf Of NetSQL
> Sent: Monday, April 04, 2005 2:15 PM
> To: tomcat-user@jakarta.apache.org
> Subject: non-root on 80
>
> apache drops to non root after bind to 80.
> How can this be done w/ tc 5.5?
> .V
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org