Currently my Tomcat is running as root because it does bind to port 80.
I do want to run Hudson as a non-root user inside Tomcat. How do I do this?
I'm looking for a solution that would not require me to add an Apache proxy over Tomcat.
Well, only root can bind to ports le 1024. Probably there's no mechanism of dropping privs in Java/JVM after binding to superuser ports, otherwise this would be done by now in Tomcat. What I and others did was to keep Tomcat listening on a non-privileged port and forward port 80 traffic to that port with a firewall rule.
You can forward port 80 to 8080 or any other using iptables, like this:
iptables -t nat -A PREROUTING -p tcp -d second_ip --dport 80 -j REDIRECT --to-port 8080
This is a more generic one, but if you have only one IP, remove the destination IP (-d second_ip).
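
An added example, not part of the original answers: a shell sketch that applies the redirect above idempotently and also covers connections made from the host itself, which never traverse PREROUTING. It assumes Tomcat listens on 8080; the function names, the DRY_RUN variable and the --apply argument are hypothetical.

```shell
#!/bin/sh
# Added example: redirect port 80 to an unprivileged Tomcat port so the
# JVM never needs root. Assumption: Tomcat's connector listens on 8080.

HTTP_PORT=80
TOMCAT_PORT=8080

# Print one rule per line as "<chain> <rule spec>".
# $1 = optional destination IP (the answer's second_ip); empty = any address.
redirect_rules() {
    dest=""
    if [ -n "${1:-}" ]; then
        dest="-d $1 "
    fi
    # Traffic arriving from the network.
    echo "PREROUTING -p tcp ${dest}--dport $HTTP_PORT -j REDIRECT --to-ports $TOMCAT_PORT"
    # Locally generated traffic skips PREROUTING and goes through OUTPUT,
    # so tools on the box hitting port 80 need their own rule.
    echo "OUTPUT -o lo -p tcp --dport $HTTP_PORT -j REDIRECT --to-ports $TOMCAT_PORT"
}

# Append each rule only if "iptables -C" says it is not already present,
# so rerunning the script does not stack duplicate rules.
# DRY_RUN=1 prints the commands instead of executing them.
apply_rules() {
    redirect_rules "${1:-}" | while read -r chain spec; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "iptables -t nat -A $chain $spec"
        elif ! iptables -t nat -C "$chain" $spec 2>/dev/null; then
            # $spec is intentionally unquoted: it must split into arguments.
            iptables -t nat -A "$chain" $spec
        fi
    done
}

# Stand-alone use (as root): ./redirect.sh --apply [dest_ip]
if [ "${1:-}" = "--apply" ]; then
    apply_rules "${2:-}"
fi
```

Rules added this way live only in the running kernel and are lost on reboot unless saved, for example with iptables-save and the distribution's restore mechanism.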