Pier,

Hmmm. I could only find the setuid() calls in the parent process that launches
Tomcat. I couldn't find any JNI code (or a shared library) that Tomcat could
use to temporarily switch the user back to root immediately before binding a
ServerSocket object and then switching the user back immediately after. Maybe
that code already exists somewhere else? If so, let me know where it is and I
will definitely use it.

BTW, I like the native startup executable that you wrote. I made a proposal to
this list last week about replacing our many shell scripts (which are causing
a lot of nasty problems on Windows) with a launcher that uses properties files to
launch Tomcat or the other related tools. I had originally thought about having
a Java read the properties which would then launch Tomcat. However, your native
code, especially with its support for signals and chrooting, may be a better
option. Sure, I would need the native code to read some properties files to get
classpath and other configurable items, but then I could directly invoke Java to
run the Tomcat classes.

Thanks,

Patrick

Pier Fumagalli wrote:
> 
> "Patrick Luby" <[EMAIL PROTECTED]> wrote:
> 
> > Remy,
> >
> > This is great news!
> >
> > I scanned through the Unix code and noticed that it uses the chmod'ing
> > executables with setuid bits instead of performing a JNI call to the setuid()
> > and seteuid() C functions before and after binding of a ServerSocket (i.e. the
> > place you should need root access if you are binding to ports 1 through 1024).
> > This type of approach eliminates the need for a controller and slave process.
> 
> Then it's not my code... My code was written using setuid() and seteuid()...
> Actually, the copy I have here also supports CHROOTING of the whole JVM
> process, and real/effective group switching (as we say in Italy, "'na botte
> de fero").
> 
>     Pier
> 
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

-- 
_____________________________________________________________________
Patrick Luby                          Email: [EMAIL PROTECTED]
Sun Microsystems                              Phone: 408-276-7471
901 San Antonio Road, USCA14-303
Palo Alto, CA 94303-4900
_____________________________________________________________________
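
The pattern discussed in this thread (raise the effective uid to root only around the bind, then give up root for good), sketched in C as an added example. It is not Pier's code or Tomcat's; the function names `bind_raised` and `drop_for_good` are hypothetical, and the code assumes a POSIX system where ports below 1024 need root.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a listening TCP socket, raising the effective uid to root only for
 * the bind() call. Assumes the process started as root and has already done
 * seteuid(run_uid), so its saved set-user-ID is still 0. Returns fd or -1. */
int bind_raised(unsigned short port, uid_t run_uid)
{
    int need_root = (port > 0 && port < 1024);    /* privileged port range */
    int one = 1, rc, fd = socket(AF_INET, SOCK_STREAM, 0);
    /* sin_addr is left zeroed, i.e. INADDR_ANY */
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    if (need_root && seteuid(0) != 0) { close(fd); return -1; }
    rc = bind(fd, (struct sockaddr *)&sa, sizeof sa);
    /* Lower the euid again at once; carrying on as root is worse than dying. */
    if (need_root && seteuid(run_uid) != 0) _exit(1);
    if (rc != 0 || listen(fd, 16) != 0) { close(fd); return -1; }
    return fd;
}

/* Give up root permanently once all privileged sockets are bound. Order
 * matters: supplementary groups, then gid, then uid, because after setuid()
 * the process may no longer change its groups. Returns 0 on success. */
int drop_for_good(uid_t uid, gid_t gid)
{
    /* Regain root first if the saved uid allows it, so setuid() below
     * replaces the real, effective and saved uids together. */
    int root = (geteuid() == 0) || (seteuid(0) == 0);
    if (root && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* Verify: if root can still be regained, the drop did not happen. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

int main(void)
{
    /* Constructed demo: port 0 (kernel-chosen) needs no root, so this runs unprivileged. */
    int fd = bind_raised(0, getuid());
    if (fd < 0 || drop_for_good(getuid(), getgid()) != 0) return 1;
    printf("listening on fd %d as uid %d\n", fd, (int)getuid());
    return 0;
}
```

While `bind_raised` is still in use the saved uid remains 0, so any native code in the process can call seteuid(0) again; only `drop_for_good` removes that.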
