Re: Run as nonroot user
set reloadable to true

Fabricio Machado wrote:

> Hi guys!
> I'm just starting work with Tomcat 4.1.24 and I want
> to run it with an unprivileged user.
> The webmasters are boring me every time they update
> some files in "webapps" directory... they ask me to
> shutdown/startup Tomcat... :-/
>
> How can I solve this problem ?
> Some docs ?
>
> thanks,
>
> Fabricio.

- To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Run as nonroot user
Hi,

In order to open a port < 1024 you must be root. So you have to be root to listen on port 80. You can install sudo access and let them run the start command as root but by doing so you are giving the webmasters access to run a shell script as root. They could edit it and put anything they want in it. Big time security hole.

A better solution would be to run apache as a front end and have it connect to tomcat. Since tomcat listens on port 8009 a non-privileged user can stop and start it. You can just let apache run... you won't have to restart it.

-e

On Thu, 10 Jul 2003, Fabricio Machado wrote:

> Hi guys!
> I'm just starting work with Tomcat 4.1.24 and I want
> to run it with an unprivileged user.
> The webmasters are boring me every time they update
> some files in "webapps" directory... they ask me to
> shutdown/startup Tomcat... :-/
>
> How can I solve this problem ?
> Some docs ?
>
> thanks,
>
> Fabricio.
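
A check an administrator could run before granting that sudo rule, as an added example that is not from the thread: it reports whether anyone other than root can change the start script or the directory holding it. The script path is an assumption (whatever the sudoers entry would allow); the thread names none.

```c
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* 1 if someone other than `trusted` can modify `path`, 0 if not, -1 on error. */
int modifiable_by_others(const char *path, uid_t trusted) {
    struct stat st;
    if (lstat(path, &st) < 0) return -1;
    if (S_ISLNK(st.st_mode)) return 1;        /* symlink: audit the real path */
    if (st.st_uid != trusted) return 1;       /* the owner can always edit it */
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return 1;
    return 0;
}

/* Check the script and the directory holding it: write access to the
   directory is enough to replace the script by renaming a new file over it. */
int script_is_editable(const char *script, uid_t trusted) {
    char buf[4096];
    int r = modifiable_by_others(script, trusted);
    if (r != 0) return r;
    if (strlen(script) >= sizeof buf) return -1;
    strcpy(buf, script);                      /* dirname() may modify its input */
    return modifiable_by_others(dirname(buf), trusted);
}

int main(int argc, char **argv) {
    int r;
    if (argc != 2) {
        fprintf(stderr, "usage: %s /path/to/start-script\n", argv[0]);
        return 2;
    }
    r = script_is_editable(argv[1], 0);       /* only uid 0 (root) is trusted */
    printf("%s: %s\n", argv[1],
           r == 0 ? "only root can change it" :
           r == 1 ? "a non-root user can change it" : "cannot stat");
    return r == 0 ? 0 : 1;
}
```

Directories further up the path need the same check; this example stops at the one that contains the script.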
RE: Run as nonroot user
> A better solution would be to run apache as a front end and
> have it connect to tomcat. Since tomcat listens on port 8009
> a non-privileged user can stop and start it. You can just let
> apache run... you won't have to restart it.

That sounds like an interesting method. At the moment we have to manually restart both. I was of the understanding that you needed to stop and start Apache or else there would be problems with the JK2 connector. Did I miss something?

This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance to it is prohibited.
RE: Run as nonroot user
It works for me. Some people are superstitious and I have a tendency to bang things around. You could always try it and see if it works for you.

-e

On Thu, 10 Jul 2003, Michele Neylon :: Blacknight Solutions wrote:

> > A better solution would be to run apache as a front end and
> > have it connect to tomcat. Since tomcat listens on port 8009
> > a non-privileged user can stop and start it. You can just let
> > apache run... you won't have to restart it.
>
> That sounds like an interesting method. At the moment we have to manually
> restart both. I was of the understanding that you needed to stop and start
> Apache or else there would be problems with the JK2 connector. Did I miss
> something?
Re: Run as nonroot user
You should only need to restart Apache if you have made changes to httpd.conf or to mod_jk2.conf (which is usually #Include(ed) in your httpd.conf file). Which is a pretty rare occurrence for me.

--
Rick Roberts
Advanced Information Technologies, Inc.
Re: Run as nonroot user
In addition to the other suggestions, you might want to try jakarta-commons-sandbox/daemon. It allows Tomcat to bind to port 80, and then changes it to the non-privileged user that you specify (before it actually starts serving requests).

"Fabricio Machado" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]

> Hi guys!
> I'm just starting work with Tomcat 4.1.24 and I want
> to run it with an unprivileged user.
> The webmasters are boring me every time they update
> some files in "webapps" directory... they ask me to
> shutdown/startup Tomcat... :-/
>
> How can I solve this problem ?
> Some docs ?
>
> thanks,
>
> Fabricio.
Re: Run as nonroot user
> In addition to the other suggestions, you might want to try
> jakarta-commons-sandbox/daemon. It allows Tomcat to bind to port 80,
> and then changes it to the non-privileged user that you specify (before
> it actually starts serving requests).

How would that work if Apache is already on port 80 (possible dumb question)

--
Mr. Michele Neylon
Blacknight Solutions
http://www.blacknightsolutions.com/
Shell hosting now available
Re: Run as nonroot user
If you have apache on port 80 - then you'll want tomcat listening on a high port. Then you can use jk (or other) to proxy/forward/whatever requests from apache to tomcat. Tomcat can run as any normal user.

For more information about connecting apache to tomcat:
http://jakarta.apache.org/tomcat/faq/connectors.html

-Tim

Michele Neylon :: Blacknight Solutions wrote:

> > In addition to the other suggestions, you might want to try
> > jakarta-commons-sandbox/daemon. It allows Tomcat to bind to port 80,
> > and then changes it to the non-privileged user that you specify (before
> > it actually starts serving requests).
>
> How would that work if Apache is already on port 80 (possible dumb question)
Re: Run as nonroot user
You would only need the sandbox daemon if you weren't using Apache. The point is that you need something like the sandbox daemon to bind to port 80 and avoid running Tomcat as root.

John

On Fri, 11 Jul 2003 09:45:56 +0100 (BST), Michele Neylon :: Blacknight Solutions <[EMAIL PROTECTED]> wrote:

> > In addition to the other suggestions, you might want to try
> > jakarta-commons-sandbox/daemon. It allows Tomcat to bind to port 80,
> > and then changes it to the non-privileged user that you specify (before
> > it actually starts serving requests).
>
> How would that work if Apache is already on port 80 (possible dumb question)
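
The bind-then-drop sequence discussed in the messages above, as an added C example that is not the daemon's own code and not from the thread: the listening socket is opened while the process is still root, then the process switches permanently to an unprivileged account before serving anything. The account name "tomcat" is an assumption.

```c
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a listening TCP socket; a port below 1024 needs root at this point. */
int bind_listener(unsigned short port) {
    struct sockaddr_in a;
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Switch for good to uid/gid: supplementary groups, then gid, then uid.
   Returns 0 only if the process ends up unprivileged and cannot go back. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) return -1;             /* that is not a drop */
    if (geteuid() == 0 && setgroups(1, &gid) < 0) return -1;
    if (setgid(gid) < 0 || setuid(uid) < 0) return -1;
    if (setuid(0) == 0) return -1;                   /* root must be gone  */
    return (getuid() == uid && geteuid() == uid && getegid() == gid) ? 0 : -1;
}

int main(void) {
    struct passwd *pw = getpwnam("tomcat");          /* assumed account name */
    int fd = bind_listener(80);                      /* done while still root */
    if (fd < 0) { perror("bind :80"); return 1; }
    if (!pw || drop_privileges(pw->pw_uid, pw->pw_gid) < 0) {
        fprintf(stderr, "could not drop privileges, refusing to serve\n");
        return 1;
    }
    printf("listening on :80 (fd %d) as uid %d\n", fd, (int)getuid());
    /* the accept() loop would run here, unprivileged, on the open socket */
    close(fd);
    return 0;
}
```

The order in drop_privileges matters: once setuid() has succeeded the process no longer has the right to change its groups, so the groups and gid are set first.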
Re: Run as nonroot user
> You would only need the sandbox daemon if you weren't using Apache. The
> point is that you need something like the sandbox daemon to bind to
> port 80 and avoid running Tomcat as root.
>
> John

Thanks John
I was getting a little confused (as usual!)

--
Mr. Michele Neylon
Blacknight Solutions
http://www.blacknightsolutions.com/
Shell hosting now available