Opened new Issue to update setuid - https://github.com/eclipse/jetty.project/issues/10279
Joakim Erdfelt / [email protected] On Wed, Aug 9, 2023 at 1:11 PM Cantor, Scott <[email protected]> wrote: > > It was never updated for Jetty 10/11, doesn't work with Jetty 10/11 > > properly, and we've had zero complaints about that too. > > It works fine for me with 10 and 11, at least it seems to. Since it has > continued to ship with the software, there was no reason for me to ever ask > about it being supported, and I assumed it still was. > > > What exactly are you trying to accomplish with that old custom libsetuid > > functionality that cannot be done with existing tooling in your > environment? > >(Eg: run Jetty with a specific userid) > > The alternatives are all much worse IMHO. Chaining ports with a firewall > is less performant, and brittle, very easy to screw up, and introduces a > huge loss of "locality" to the whole system. > > The SETCAP thing probably works and will probably be my preferred option > to try, though it's relatively recent in terms of Red Hat releases > (relatively, it probably does exist on 7, though if not, that's a problem > for me for the moment). Its main issue is it applies to the whole java > binary, not just the Jetty process, but for a single use server it's fine. > > Supposedly systemd can do something declaratively I think, but I don't > know if it works with Java, and I have never managed to get a unit file > working with Jetty. But that's largely due to my not having to up until > now. Systemd is also an abomination to begin with of course but is an > unavoidable evil now. > > Anyway, if it's not supported, it's not, that's what I needed to know. I > would say you probably shouldn't be including the shared libs and the > module for it though, it certainly makes it appear that it's still a > standard feature. > > -- Scott > > >
_______________________________________________ jetty-users mailing list [email protected] To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
