From: David H. <da...@sm...> - 2006-06-25 21:28:31
Martin,

I'll copy from previous posts... I hope it helps

Davy Boy
Out...

--------------------------------------------------------------------------

Hi JSW developers.

I couldn't find info on your web pages / docs about whether JSW implements this feature, so I'm guessing it doesn't -- the ability to run a Java program as a non-root user and open privileged server ports. For example, run Tomcat through JSW as user "tomcat" and still open web server port 80.

The Apache Jakarta Commons Daemon jsvc binary that comes with Tomcat does this, but has fewer other features:

http://jakarta.apache.org/commons/daemon/jsvc.html

JSW doesn't do it as far as I can see, but has lots of nice service features that Tomcat users could make use of -- but most will want the port 80 capability.

Have you considered adding this feature already? I searched this mailing list archive and did not see it discussed.

Cheers.

--
Jason Brittain

--------------------------------------------------------------------------

Jason,

This is discussed in this feature request.

http://sourceforge.net/tracker/index.php?func=detail&aid=490806&group_id=39428&atid=425190

If there is anything that I have overlooked, feel free to add to this issue. It is something I would like to make available, I am just not sure how.

The problem is that the Tomcat loader binds to the port as root and then changes to another user while maintaining a reference to the port. Once the user has been changed, there is of course no way to go back to being root.

The Wrapper could do something like this once, but it would not be possible to recover from failures and launch a new JVM as that would require becoming root a second time.

In your case, it sounds like you want to let your live users connect directly to Tomcat. I haven't used the newest version, but older versions were not really designed for this. Usually, you would have Apache running and then connect to Tomcat using mod_jk. This makes it possible for Tomcat to only need high ports, resolving this problem completely.

Cheers,
Leif

--------------------------------------------------------------------------

On 4/9/06, Leif Mortenson <le...@ta...> wrote:
> Jason,
> This is discussed in this feature request.
> http://sourceforge.net/tracker/index.php?func=detail&aid=490806&group_id=39428&atid=425190
> If there is anything that I have overlooked, feel free to add to
> this issue. It is something I would like to make available, I am just
> not sure how.

Thanks for the link. I figured I wouldn't be the first to ask about it. I'll add to the issue.

> The problem is that the Tomcat loader binds to the port as root
> and then changes to
> another user while maintaining a reference to the port. Once the user
> has been changed,
> there is of course no way to go back to being root.
>
> The Wrapper could do something like this once, but it would not be
> possible to recover from failures and launch a new JVM as that would
> require becoming root a second time.

From what I can tell, jsvc does not do it this way. So, you should really have a look at their implementation. I believe it's something you could add to JSW.

> In your case, it sounds like you want to let your live users
> connect directly to Tomcat.

I do indeed.

> I haven't used the newest version, but older versions were not really
> designed for this.

As of at least 3 years ago they were. This is an area where Tomcat has improved every year for many years. At this point, Tomcat is at least as fast at serving static content as Apache httpd.

> Usually, you would have Apache running and then connect to Tomcat
> using mod_jk.

That pattern is still popular, but slows down Tomcat. I no longer suggest this pattern, mainly because Tomcat stand-alone is plenty capable now, and setting up two servers (both httpd and Tomcat), plus a connector to connect them is much more difficult to get working, and to maintain. And, Tomcat is now full featured enough that most people don't need Apache httpd anymore (although most don't realize this).

> This makes it possible for Tomcat to only need high ports, resolving
> this problem completely.

And creating the problem of lower performance, more difficult maintenance, more difficult troubleshooting since you have two servers involved in each request, etc. Some folks will always set up Tomcat behind httpd, and will insist that it is the right way, but that's more of a resistance to change than anything. Meanwhile, a large percentage of Tomcat users are now happily using it without Apache httpd, and they want to run it on port 80 as a non-root user.

Thanks.

--
Jason Brittain

--------------------------------------------------------------------------

-----Original Message-----
From: wra...@li... [mailto:wra...@li...] On Behalf Of Martin Novak
Sent: 25 June 2006 17:07
To: wra...@li...
Subject: [Wrapper-user] Changin user

Hello,

I want to start using wrapper in my server as a daemon under Unix. The problem is that in Unix as a normal user I cannot listen on a port lower than 1000, and nobody would allow me to run my server under the root account because of security reasons. So what I would like to do is to start as root, bind ports, and then switch to a different user.

I would appreciate it if somebody could write me whether this is supported by wrapper.

thanks,
Martin