Christopher Schultz wrote:
Apache httpd is configured out of the box to start up as root, bind to port 80 (or really any port), and then drop its privileges to the httpd user. Without some really nasty code, Tomcat is unable to do the same thing, so we're forced to do silly things like internal port forwarding, etc.
The "root-only-access-to-low-ports" policy of Linux is a legacy from the days when Unix systems were typically multi-user: it is a heavy-handed way of stopping the oiks from running unauthorised servers. In a secure server it is unnecessary, indeed counterproductive when it tempts us to run services as root, or to use tricksy workarounds. Linux should make this switch-offable (without having to recompile the kernel).

The only problem I've found with standalone Tomcat plus iptables port forwarding (apart from the need to understand iptables :-)) is that web apps can't make requests to themselves at port 80, but have to use 8080 or whatever.

Paul Singleton
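
The iptables forwarding discussed in the message above, as an added example that is not part of the original thread: a shell function that emits an iptables-restore ruleset whose OUTPUT rule also redirects the host's own requests to port 80, so Tomcat can stay unprivileged on 8080. The function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit iptables-restore rules that forward a privileged port
# to an unprivileged Tomcat connector. Function names are hypothetical.

# is_port N -> success if N is an integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# nat_redirect_rules PUBLIC_PORT BACKEND_PORT
# Prints a nat-table ruleset; returns 1 on invalid arguments.
nat_redirect_rules() {
    public=$1
    backend=$2
    is_port "$public" && is_port "$backend" || {
        echo "ports must be integers in 1..65535" >&2
        return 1
    }
    # The backend must be a port a non-root Tomcat can bind itself.
    if [ "$backend" -lt 1024 ]; then
        echo "backend port $backend is privileged; Tomcat would need root" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic arriving from the network on the public port.
-A PREROUTING -p tcp --dport $public -j REDIRECT --to-ports $backend
# Locally generated traffic to this host's own addresses (routed via lo),
# so a web app calling itself on the public port reaches Tomcat too.
-A OUTPUT -o lo -p tcp --dport $public -j REDIRECT --to-ports $backend
COMMIT
EOF
}

# Print the ruleset for the 80 -> 8080 case from the thread (no root needed).
nat_redirect_rules 80 8080
```

To apply it, pipe the output to `iptables-restore --noflush` as root; without `--noflush` the existing nat table is replaced.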