You don't.  That's why there is so much effort and mailing list traffic
devoted to running Apache on port 80 and connecting to Tomcat using a
connector.

I don't run Tomcat as root, privileged port or not.  Doing so on a publicly
accessible server would be foolish, regardless of Java's security model.

The typical scenario is:

1) run Tomcat as a non-root user, listening on ONLY one port, the connector
port, your choice
2) run Apache as root (though Apache does not serve requests as root) on
port 80 and use a connector to connect to Tomcat

That way, you don't run anything as root.  In my opinion, the only thing
that should ever be running as root, serving requests as root, and listening
on a privileged port is OpenSSH.  Obviously, if you're running a domain name
server or a time server or something like that, you would have other
services besides OpenSSH listening on a privileged port, but that's off the
scope of this list.

John
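
The two-process layout John describes, as an added example that is not part of the original thread: Apache httpd owns port 80 and forwards one path to Tomcat over the AJP connector (here via mod_proxy_ajp, which postdates this 2002 thread, where mod_jk would have played that role), so Tomcat itself runs unprivileged on a single local port. The port 8009, the `/app` path and the `www-data` user are assumptions.

```apache
# httpd.conf fragment (added example, not from the thread; values assumed).
# The httpd parent starts as root only to bind port 80; requests are
# served by worker processes running as the User/Group below.
Listen 80
User  www-data
Group www-data

LoadModule proxy_module     modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

# Never act as a forward proxy for arbitrary hosts; only reverse-proxy
# the one path below.
ProxyRequests Off

# Hand only the application path to Tomcat, over AJP on the loopback
# interface. Tomcat never listens on a privileged port or on a public
# interface, so a flaw in the web application runs as the Tomcat user.
ProxyPass /app ajp://127.0.0.1:8009/app
```

On the Tomcat side, keep a single connector in server.xml, `<Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"/>`, remove the default HTTP connector, and start Tomcat as the unprivileged user.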

> -----Original Message-----
> From: Kristján Rúnarsson [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 05, 2002 8:17 AM
> To: Tomcat Users List
> Subject: RE: Why run tomcat as root
> 
> 
> I know, I accidentally posted that message before completing it, I posted
> the rest of it separately.
> 
> I have heard a lot of people expressing concern about this behavior of the
> JVM of keeping processes running as root and I fully understand why. The
> problem is that if I want to access say Port 80 I have to run tomcat as
> root. But I have not been able to figure out a way to downgrade the
> privileges of the Tomcat process after it has accessed the privileged
> resources. I have been told that Apache can downgrade the privilege level
> of processes after they have accessed privileged resources but how do I do
> this to tomcat?
> 
> "Ralph Einfeldt" <[EMAIL PROTECTED]>
> 05.12.2002 12:48
> Please respond to "Tomcat Users List"
> 
>  
>         To:     "Tomcat Users List" <[EMAIL PROTECTED]>
>         cc: 
>         Subject:        RE: Why run tomcat as root
> 
> 
> I don't think that you are right.
> 
> To run tomcat as root means you have less security than having 
> more security.
> 
> You have to be aware that you open an additional potential 
> security hole for the user that runs tomcat. (That is not 
> specific to tomcat, that is true for any application)
> 
> E.G.: If tomcat or your application contains an error
> that lets some user execute a command on the server,
> this command will have the rights of the tomcat user.
> 
> If this user is root, the command can do nearly everything 
> on the server. Otherwise it could just have restricted 
> access to the system.
> 
> If you want to use port 80 it is better to run tomcat behind
> a connector, a port mapper or a proxy and use a user with the 
> least possible rights.
> 
> > -----Original Message-----
> > From: Kristján Rúnarsson [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, December 05, 2002 1:34 PM
> > To: Tomcat Users List
> > Subject: Re: Why run tomcat as root
> > 
> > 
> The Root account is also preferable because the account and processes
> that run under it are considerably better protected than those of a
> normal user, provided you have not castrated the Root account
> security-wise, i.e. configured it incorrectly. The less secure the
> account you run Tomcat under the easier it is for a malicious user to
> sabotage your webserver by editing or deleting files, killing processes
> and so on. The ROOT account is a citadel on a mountain top, very hard for
> a hacker to break, much harder than a normal account. If you run Tomcat
> as root, only you and those trusted few that you have made privy to the
> root password, can manipulate the Tomcat server.
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>