-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Coty and André,
On 2/23/18 6:58 PM, Coty Sutherland wrote: > Also see https://bz.apache.org/bugzilla/show_bug.cgi?id=60560 :) > I've been planning to push a solution for that, just haven't gotten > around to it yet. > > On Fri, Feb 23, 2018 at 5:34 PM, André Warnier (tomcat) > <a...@ice-sa.com> wrote: >> On 23.02.2018 23:32, André Warnier (tomcat) wrote: >>> >>> On 23.02.2018 18:52, Peter@Kreuser-Online wrote: >>>> >>>> Hi Chris, >>>> >>>> >>>> >>>>> Am 23.02.2018 um 18:36 schrieb Cheltenham, Chris >>>>> <ccheltenham-...@philasd.org>: >>>>> >>>>> Hello All, >>>>> >>>>> I am trying to run tomcat as a non root user. >>>>> >>>>> It will start as the tomcat user but it will not bind to >>>>> connector 443 unless it starts as root. >>>>> >>>>> Does anyone know why? >>>> >>>> >>>> Unix will not let you open ports below 1024 as non-root >>>> user! >>>> >>>> You may use a proxy in front of it or maybe use iptables to >>>> be able to use standard ports AND user tomcat. >>> >>> >>> See also : >>> https://commons.apache.org/proper/commons-daemon/jsvc.html >> >> >> Or if you are running under Linux, check : >> https://en.wikipedia.org/wiki/Authbind I'm curious ... can authbind be used to *restrict* processes as well as to grant them access? For example, let's say that I want Tomcat to be able to bind to port 8080, it generally will be able to do that unless some other process has bound already. But let's say I specifically DO NOT want Tomcat to be able to bind to port 8443. Can I use authbind to set a blacklist of ports, too? Or, can I blacklist everything and set up a whitelist that contains only port 8080? - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqUINQdHGNocmlzQGNo cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFhYvw//eQnox1raRYjATtfC 7Wn2ddcQ+I7jMChOfT81W1AABazC865OAAhgHDOB/rd6JXZMIQAPDizCPz4mXmNn lPuH0s2UWyBPPo6WwKFhim7/Z33A8WAFSrJoor2vwyfC+p6F9iOOkC1CK0QB2mkU KuK3CqcsVHkeRxDOc6qTaX0KQG9FnnrMD/whmdml2mEOHOesT5/ZwPUwwgtLH8Di ljbstzWAbV3/3Nbb2aPbvpZCJpyBmYWAoIUjzzYVv5J+pLB2EL+6Pf2znBltUiO9 cEmC5ybC22cLuS/w5KCKHtP+qFecYFjhQux+uNrCQPPCi0IXE9DaxwU5qYp7FXae q8qhH+4KRhO7kOOBqyMaVVMXXR0+Xdo52aEyCqv2go1uO0Ebp4TiPQq3iC4mUW+8 FrMK6MsgtnQzJXuk9RvtPpBQ/6q36WJ91lQ0FnjFZA1JS49Y9PDT52FoTz6g3TUD R1I996R798zSCowDTwaZLfd4xsBzqzI2RcU6rMWbGGhlM5pu2TSd0AzM6vet7iHw m1+6iN5NbQE/u+dU9x7zuRHpn2hQBLf6+r4DZyiZrm/Y58FgpnO8g5i35jiwttuv 7NuGU0AYX2/gYEiVPpPwwbs19o6DOhp3dHoTy/Em78DqgP6pv22vlxnMZ9TCS4Fz 2JHYqvyhsydWUPEFcoRO+9I888Q= =2rU6 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org