Running Jetty as non-root user on port 80
Running any user program on low port numbers on *nix systems is generally tricky, as low port numbers are protected and only accessible as the root user.
In the past, Jetty's suggested solution has been to use iptables or ipchains to configure the operating system to forward traffic for port 80 (for example) to port 8080 (for example). Here's the FAQ entry on how to do that: http://docs.codehaus.org/display/JETTY/port80
Recently, we decided to make this easier by adding a new feature: you can invoke Jetty as the superuser, and once the ports have been opened the userid will change back to a non-privileged user, preserving the runtime safety of your system.
This little gem can currently be found in svn trunk and is slated for release in 6.1.0. Look in $jetty.home/extras/setuid for the code and the README on how to build it. As the build requires native libs, there are some system-dependent configurations you have to provide, so a couple of the build steps have to be done manually. The README.txt file has full instructions, but I'll reproduce it here to give you the general idea to start you off:
Build
-----
In this directory do:
mvn install
gcc -I$JDK_HOME/include/ -I$JDK_HOME/include/linux/ \
-shared src/main/native/org_mortbay_setuid_SetUID.c \
-o ../../lib/ext/libsetuid.so
Where $JDK_HOME is the same as $JAVA_HOME and where linux should be replaced by the name of your operating system.
Install
-------
From this directory do:
cp target/jetty-setuid-6.1-SNAPSHOT.jar ../../lib/ext/
cp etc/jetty-setuid.xml ../../etc
Configuration
-------------
Change etc/jetty-setuid.xml to use the userid you want.
Running
-------
In the top level jetty directory do:
sudo java -Djava.library.path=lib/ext -jar start.jar \
etc/jetty-setuid.xml etc/jetty.xml
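The sequence described above (start as root, open the port, then switch to a non-privileged user and set a umask) looks like this in plain C. This is an added example, not the code in extras/setuid or anything from the Jetty project; the function names, uid/gid 65534 and umask 022 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() under strict -std */
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a listening TCP socket; on *nix a low port such as 80 needs root. */
int open_listener(unsigned short port) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port),
                             .sin_addr.s_addr = htonl(INADDR_ANY) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 1 only if real and effective ids match the target and root is unreachable. */
int privileges_dropped(uid_t uid, gid_t gid) {
    if (uid == 0 || getuid() != uid || geteuid() != uid) return 0;
    if (getgid() != gid || getegid() != gid) return 0;
    return setuid(0) == -1;                   /* regaining root must fail */
}

/* Drop from root to uid/gid, refusing root targets. Groups go first: after
 * setuid() the process may no longer change them. Returns 0 or -1. */
int drop_privileges(uid_t uid, gid_t gid, mode_t mask) {
    if (geteuid() != 0 || uid == 0 || gid == 0) { errno = EPERM; return -1; }
    if (setgroups(0, NULL) != 0) return -1;   /* shed root's supplementary groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;          /* as root: real, effective, saved */
    umask(mask);
    return privileges_dropped(uid, gid) ? 0 : -1;
}

int main(void) {
    int fd = open_listener(80);               /* only succeeds when run as root */
    if (fd < 0) { perror("bind :80"); return 1; }
    /* 65534/022 are assumed values. If the drop fails we are still root: exit. */
    if (drop_privileges(65534, 65534, 022) != 0) { perror("drop"); return 1; }
    printf("listening on :80 as uid %d\n", (int)getuid());
    return 0;
}
```

The listening socket stays open across the drop, which is why the bind has to happen first; checking that `setuid(0)` fails afterwards catches a drop that left a saved uid of root behind.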
Posted at 12:26AM Oct 03, 2006 by janb in General | Comments[5]
Posted by Bob McWhirter on October 03, 2006 at 04:16 AM EST #
No immediate plans to do that. Sure you don't want to upgrade to jetty 6? :-)
Posted by Jan Bartel on October 03, 2006 at 05:49 AM EST #
Building extras/setuid will give you an example jetty-setuid.xml file that you can use to change to whichever umask (and user id) setting you want.
Posted by Jan Bartel on October 14, 2006 at 07:29 AM EST #
$ gcc -I/big/build_home/jdk1.6.0_02/include/ \
-I/big/build_home/jdk1.66.0_02/include/solaris/ \
src/main/native/org_mortbay_setuid_SetUID.c \
-o libsetuid.so
Undefined first referenced
symbol in file
main /usr/local/lib/gcc-lib/sparc-sun-solaris2.9/3.3.2/crt1.o
ld: fatal: Symbol referencing errors. No output written to libsetuid.so
collect2: ld returned 1 exit status
$ gcc -I/big/build_home/jdk1.6.0_02/include/ \
-I/big/build_home/jdk1.66.0_02/include/solaris/ \
-shared src/main/native/org_mortbay_setuid_SetUID.c \
-o libsetuid.so
Text relocation remains referenced
against symbol offset in file
umask 0x40 /var/tmp//cc5pafej.o
setuid 0x14 /var/tmp//cc5pafej.o
ld: fatal: relocations remain against allocatable but non-writable sections
collect2: ld returned 1 exit status
Any hints?
Posted by Matt Sheppard on September 03, 2007 at 07:35 PM EST #
See:
http://docs.codehaus.org/display/JETTY/port80
Posted by George Bills on July 09, 2008 at 03:19 PM EST #