On Tue, 17 Apr 2007, Faheem Mitha wrote:

> On Tue, 17 Apr 2007, David Smith wrote:
>
>> Ahhh the joy of *nix operating systems. Way back in the distant past of
>> unix systems, someone decided it was a bad idea to allow any user on the
>> system to bind to the well known low ports (1 - 1024) where officially
>> sanctioned services (POP, SMTP, FTP, etc., ...) should be. A great idea
>> except it also required the services to be running as a privileged user to
>> gain access. For a lot of reasons, services should run with the least
>> privilege.
>>
>> A couple of the most common solutions to this problem are:
>>
>> 1. Start tomcat using jsvc. You can get it from the commons-daemon project
>> at http://jakarta.apache.org/commons/daemon
>>
>> 2. Run tomcat on a higher port like 8443 and attempt to use iptables to
>> divert the traffic intended for 443 to tomcat. I'm a bit dubious on if
>> this will work with an SSL connection. You can try it if you like.
>>
>> My vote is for 1. It's easy and tomcat can act as a well behaved,
>> respectable service running with minimum privilege while still capturing a
>> "privileged" port.
>
> I'm inclined to go for 1 too. Are there any drawbacks to this approach
> besides introducing another piece of software? Also, can anyone recommend a
> nice simple howto or somesuch?

I just discovered that the latest version of the tomcat 5.5 Debian package
in unstable (5.5.20-4) uses jsvc. So I happily installed it, only to
discover that it is buggy, and does not appear to run correctly. The
version 5.5.20-2 in etch works fine, but does not use jsvc. This is a
major drag.
I don't feel competent to mess around with init scripts and so forth, so
I'd much rather use the Debian package. Does anyone have a locally fixed
version or have other suggestions about what to do?
Faheem.