Rodrigo
Vincent Aumont wrote:
François,
> Oh, and last but not least, I didn't find a privilege separation method in tomcat (like in apache or ssh or postfix, or...). Perhaps I am wrong, but, if you want tomcat to run in an unprivileged environment, you have to make it bind to a public port (say 8080). I use iptables to redirect connections from 80 to 8080:

No, you're right. You can make Apache listen on port 80 while running as root because it'll change the process' ownership when it opens a new connection. There is no portable way of doing this in Java; therefore, you have to run Tomcat as root if you want to make it listen on port 80. Of course, that's a major security hole.
I always front-end TC with Apache and use mod_proxy to achieve what you're doing with iptables.
-Vincent.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]