Thank you Brett for your comments. Here is the tomcat startup script (/etc/init.d/tomcat7):

#!/bin/bash
# tomcat start/stop script

export JAVA_HOME=/usr/lib/jvm/java-7-oracle
export CATALINA_HOME=/opt/tomcat7

start() {
    su tomcat7 -s /bin/sh -c $CATALINA_HOME/bin/startup.sh
}

stop() {
    su tomcat7 -s /bin/sh -c $CATALINA_HOME/bin/shutdown.sh
}

case $1 in
    start|stop) $1;;
    restart) stop; start;;
    *) echo "Run as $0 <start|stop|restart>"; exit 1;;
esac

I made a slight change in the "startup.sh" file too (replaced the old exec line):

exec authbind --deep "$PRGDIR"/"$EXECUTABLE" start "$@"

My setenv.sh file:

CATALINA_OPTS="-Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Xmx512m -XX:+UseConcMarkSweepGC"
export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/local/apr/lib"

I installed authbind previously and executed the following lines:

sudo touch /etc/authbind/byport/80
sudo chmod 500 /etc/authbind/byport/80
sudo chown tomcat7 /etc/authbind/byport/80

When I remove the APR connector from server.xml, tomcat works fine with the tomcat7 user.

Regards,
Mubeen

On Thu, Jan 16, 2014 at 5:41 AM, Brett Delle Grazie <brett.dellegra...@gmail.com> wrote:

> Hi,
>
> See interleaved.
>
>
> On 15 January 2014 16:53, Mubeen Shah <mubeens...@gmail.com> wrote:
>
> > Hello,
> >
> > I am trying to configure tomcat 7 on ubuntu machine and wanted to run it as
> > non-root on port 80, Here is what I did so far:
> >
> > OS (Ubuntu 12.04 LTS):
> >
> > - installed oracle JDK 1.7.0_45 using "apt-get"
> > - downloaded and extracted tomcat 7.0.50 (.gz format)
> > - created ubuntu user 'tomcat' and granted 'chown -R CATALINA_HOME' to this user
> > - changed tomcat default port to 80 in server.xml
> > - installed and configured authbind tool
> > - created sh script "/etc/init.d/tomcat7" to start tomcat as tomcat user.
> >
>
> What was in this script?
>
> >
> > - tomcat 7 was working as expected on 80 port as non-root user.
> >
>
> That is surprising, see further below.
>
> >
> > - later I configured APR 1.5.0 and tried to run tomcat again, I got this error:
> >
> > Jan 15, 2014 6:24:45 AM org.apache.catalina.core.AprLifecycleListener init
> > INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR version 1.5.0.
> > Jan 15, 2014 6:24:45 AM org.apache.catalina.core.AprLifecycleListener init
> > INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
> > Jan 15, 2014 6:24:46 AM org.apache.catalina.core.AprLifecycleListener initializeSSL
> > INFO: OpenSSL successfully initialized (OpenSSL 1.0.1 14 Mar 2012)
> > Jan 15, 2014 6:24:46 AM org.apache.coyote.AbstractProtocol init
> > INFO: Initializing ProtocolHandler ["http-apr-80"]
> > Jan 15, 2014 6:24:46 AM org.apache.coyote.AbstractProtocol init
> > SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-80"]
> > java.lang.Exception: Socket bind failed: [13] Permission denied
> >     at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:430)
> >     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:640)
> >     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
> >     at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
> >     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
> >     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
> >     at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
> >     at org.apache.catalina.startup.Catalina.load(Catalina.java:664)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >     at java.lang.reflect.Method.invoke(Method.java:606)
> >     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
> >     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)
> >
>
> This is expected.
>
> >
> > If I am removing out this line from server.xml:
> > <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
> >
> > Tomcat working on 80 port as non-root user and starting "http-bio-80" properly.
> >
> > Another thing is if I am trying to run tomcat as "root" along with APR
> > support, it's working just fine.
> >
> > Any advice why it's working on "http-bio-80" while throwing bind exception
> > on "http-apr-80"??
> >
>
> Linux will not allow anything but root to bind on ports < 1024.
> Usually the process starts as root, binds to the port and then drops its
> privileges back to the desired user.
> You'll need to use jsvc to start Tomcat and drop privileges. It is simply
> apache commons daemon and you should use version 1.0.15 or higher, I'm not
> sure what version is in 12.04 LTS so you may need to compile it.
>
> Some documentation is here:
> http://tomcat.apache.org/tomcat-7.0-doc/setup.html
> http://commons.apache.org/proper/commons-daemon/jsvc.html
>
> There are a couple of other options described here:
> http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F
>
> But the best one is commons daemon / jsvc.
>
> > Regards,
> > Mubeen
> >
>
> --
> Kind regards,
>
> Brett
>
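
Added example, not part of the original thread: a strict audit of the authbind grant that the touch/chmod/chown commands in the message create. authbind authorises a bind when the byport file is executable by the calling user, so the check inspects the owner and the execute bits; the function name, return codes and the owner-only policy are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the thread): audit one authbind byport entry.
# authbind allows bind() on <port> when byport/<port> is executable by the
# caller, so the execute bits are the grant itself.
# Policy assumed here: only the service account may hold that grant.
# Returns: 0 ok, 1 file missing, 2 wrong owner, 3 owner lacks execute,
#          4 group/other can execute (grant wider than intended).
check_authbind_port() {
    dir=$1; port=$2; want_uid=$3
    f="$dir/$port"
    [ -f "$f" ] || { echo "FAIL: $f does not exist"; return 1; }

    uid=$(stat -c '%u' "$f")                       # numeric owner (GNU stat)
    mode=$(printf '%03d' "$(stat -c '%a' "$f")")   # octal mode, e.g. 500
    mode=${mode#"${mode%???}"}                     # keep the last three digits
    o=${mode%??}; rest=${mode#?}; g=${rest%?}; w=${rest#?}

    [ "$uid" -eq "$want_uid" ] || { echo "FAIL: owner uid $uid, expected $want_uid"; return 2; }
    [ $(( $o & 1 )) -eq 1 ] || { echo "FAIL: owner has no execute bit (mode $mode)"; return 3; }
    [ $(( ($g | $w) & 1 )) -eq 0 ] || { echo "FAIL: group/other may bind too (mode $mode)"; return 4; }
    echo "OK: uid $uid may bind port $port (mode $mode)"
}

# Constructed demo in a scratch directory; on a real host run:
#   check_authbind_port /etc/authbind/byport 80 "$(id -u tomcat7)"
demo_dir=$(mktemp -d)
touch "$demo_dir/80" && chmod 500 "$demo_dir/80"
check_authbind_port "$demo_dir" 80 "$(id -u)"
rm -rf "$demo_dir"
```

A mode such as 555 or 755 on the byport file passes authbind's own test but lets every local account bind the port, which is what return code 4 flags.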