Patrick Luby wrote:
>
> Pier,
>
> Hmmm. I could only find the setuid() calls in the parent process that launches
> Tomcat. I couldn't find any JNI code (or a shared library) that Tomcat could
> use to temporarily switch the user back to root immediately before binding a
> ServerSocket object and then switching the user back immediately after. Maybe
> that code already exists somewhere else? If so, let me know where it is and I
> will definitely use it.

Costin has started something like that in jakarta-tomcat-connectors/jk/native/jni/jk_jni_aprImpl.c. The way is the good one: use APR to save porting problems.

>
> BTW, I like the native startup executable that you wrote. I made a proposal to
> this list last week about replacing our many shell scripts (which are causing
> a lot of nasty problems on Windows) with a launcher that uses properties files to
> launch Tomcat or the other related tools. I had originally thought about having
> a Java read the properties which would then launch Tomcat. However, your native
> code, especially with its support for signals and chrooting may be a better
> option. Sure, I would need the native code to read some properties files to get
> classpath and other configurable items, but then I could directly invoke Java to
> run the Tomcat classes.
>
> Thanks,
>
> Patrick
>
> Pier Fumagalli wrote:
> >
> > "Patrick Luby" <[EMAIL PROTECTED]> wrote:
> >
> > > Remy,
> > >
> > > This is great news!
> > >
> > > I scanned through the Unix code and noticed that it uses the chmod'ing
> > > executables with setuid bits instead of performing a JNI call to the setuid()
> > > and seteuid() C functions before and after binding of a ServerSocket (i.e. the
> > > place you should need root access if you are binding to ports 1 through 1024).
> > > This type of approach eliminates the need for a controller and slave process.
> >
> > Then it's not my code... My code was written using setuid() and seteuid()...
> > Actually, the copy I have here also supports CHROOTING of the whole JVM
> > process, and real/effective group switching (as we say in Italy, "'na botte
> > de fero").
> >
> > Pier
>
> --
> _____________________________________________________________________
> Patrick Luby                     Email: [EMAIL PROTECTED]
> Sun Microsystems                         Phone: 408-276-7471
> 901 San Antonio Road, USCA14-303
> Palo Alto, CA 94303-4900
> _____________________________________________________________________