0

Currently my Tomcat is running as root because it binds to port 80.

I want to run Hudson as a non-root user inside Tomcat. How do I do this?

I'm looking for a solution that would not require me to add an Apache proxy in front of Tomcat.

sorin

2 Answers

4

well, only root can bind to ports le 1024. probably there's no mechanism of dropping privs in java/jvm after binding to superuser ports otherwise this would be done by now in tomcat. what i and others did was to keep tomcat listening on a non-privileged port and forward port 80 traffic to that port with a firewall rule.

user237419
    i wasn't exactly right. you may use jsvc to run the workers as a non privileged user. check http://tomcat.apache.org/tomcat-5.5-doc/setup.html#Unix_daemon – user237419 Oct 13 '10 at 15:42
1

You can forward port 80 to 8080 or any other using iptables, like this:

iptables -t nat -A PREROUTING -p tcp -d second_ip --dport 80 -j REDIRECT --to-port 8080

This is a more generic one, but if you have only one IP, remove the destination IP (-d second_ip).

Paul
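An added example, not part of either answer: the redirect from the second answer written as an idempotent script, extended with a nat OUTPUT rule because PREROUTING does not see connections made from the host itself. The function names and the DRY_RUN switch are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers). Function names and the
# DRY_RUN switch are illustrative assumptions.

# Accept only decimal TCP port numbers in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Apply one nat-table rule, or print it when DRY_RUN=1.
# "-C" checks whether the rule already exists, so re-running adds no duplicates.
nat_rule() {
    chain=$1; shift
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables -t nat -A $chain $*"
    else
        iptables -t nat -C "$chain" "$@" 2>/dev/null ||
            iptables -t nat -A "$chain" "$@"
    fi
}

# add_redirect FROM_PORT TO_PORT [DEST_IP]
add_redirect() {
    from=$1; to=$2; dest=${3:-}
    if ! valid_port "$from" || ! valid_port "$to"; then
        echo "invalid port" >&2; return 2
    fi
    # The target must be unprivileged, or Tomcat would still need root to bind it.
    if [ "$to" -lt 1024 ]; then
        echo "target port must be >= 1024" >&2; return 2
    fi
    # Traffic arriving from the network (--to-ports is the option's full name).
    nat_rule PREROUTING -p tcp ${dest:+-d "$dest"} --dport "$from" \
        -j REDIRECT --to-ports "$to" || return 1
    # PREROUTING never sees locally generated packets; cover clients on the
    # host itself, which reach local addresses through the loopback interface.
    nat_rule OUTPUT -o lo -p tcp ${dest:+-d "$dest"} --dport "$from" \
        -j REDIRECT --to-ports "$to"
}
```

Source the file and run `add_redirect 80 8080` as root (or with `DRY_RUN=1` to print the rules first), then start Tomcat as an unprivileged user with its connector on 8080.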