Re: Can not change Tomcat4 to listen to :80

To: debian-java@lists.debian.org
Subject: Re: Can not change Tomcat4 to listen to :80
From: Guy Geens <ggeens@iname.com>
Date: 20 Feb 2002 19:04:21 +0100
Message-id: <[🔎] 87eljgkp22.fsf@andor.geens.internal>
In-reply-to: <[🔎] 20020220.162706.74747246.arnaud.vandyck@ulg.ac.be>
References: <[🔎] 20020220.121026.104061467.arnaud.vandyck@ulg.ac.be> <[🔎] 20020220114145.GA29699@avoive.trustsec.de> <[🔎] 20020220.162706.74747246.arnaud.vandyck@ulg.ac.be>

>>>>> "Arnaud" == Arnaud Vandyck <arnaud.vandyck@ulg.ac.be> writes:

Arnaud> Thank you, I'll try ipchains, but I didn't know apache was set
Arnaud> root (thought www-data).

Apache starts as root, in order to bind to port 80. It also opens some
log files in /var/log/apache with root privileges IIRC.

This `master' process spawns a number of request handlers which drop
privileges before serving requests.

If you do `ps ax', you can see this: one apache process will have user
`root', while the others are all listed as www-data.

Tomcat cannot use this principle, because a Java program has no way to
change the UID.

-- 
G. ``Iggy'' Geens - ICQ: #64109250
Home: <ggeens@iname.com> - Work: <guy.geens@cgey.be>
WWW: http://users.pandora.be/guy.geens/
`I want quality, not quantity. But I want lots of it!'

Reply to:

Follow-Ups:
- Re: Can not change Tomcat4 to listen to :80
  - From: Arnaud Vandyck <arnaud.vandyck@ulg.ac.be>

References:
- Can not change Tomcat4 to listen to :80
  - From: Arnaud Vandyck <arnaud.vandyck@ulg.ac.be>
- Re: Can not change Tomcat4 to listen to :80
  - From: Stefan Gybas <gybas@trustsec.de>
- Re: Can not change Tomcat4 to listen to :80
  - From: Arnaud Vandyck <arnaud.vandyck@ulg.ac.be>

Prev by Date: Tomcat4.0.2 bugs with Cocoon2
Next by Date: Re: policytool
Previous by thread: Re: Can not change Tomcat4 to listen to :80
Next by thread: Re: Can not change Tomcat4 to listen to :80
Index(es):
- Date
- Thread