Running Apache Tomcat/tcServer with non-root privileges
Article ID: 344093
Products
VMware
Support Only for Apache Tomcat
Issue/Introduction
This article describes methods that allow regular (non-root) users to start or stop a Tomcat server running on a port below 1025.
Environment
Apache Tomcat 7
VMware vFabric tc Server 2.0
Apache Tomcat 6
VMware vFabric tc Server 2.6
VMware vFabric tc Server 2.5
VMware vFabric tc Server 2.1
Apache Tomcat 5.5
Resolution
To allow regular users to start or stop a Tomcat server running on ports below 1025:
- Use JSVC. For more information, see commons.apache.org/daemon/jsvc.html. (This is the best resolution.)
- Use an Apache HTTP Server front end with mod_jk or mod_proxy.
- Use iptables to redirect ports 80 and 443 to unprivileged user ports (8080 and 8443 in this script):
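#!/bin/sh
# iptables script to redirect ports 80 and 443 to 8080 and 8443
IPT="/sbin/iptables"
# Flush old rules and delete old custom chains.
# Without -t these commands act on the filter table only, and they
# remove any firewall rules already loaded there.
$IPT --flush
$IPT --delete-chain
# Rules for redirecting ports 80 and 443.
# The nat-table REDIRECT rules rewrite the destination port of packets
# arriving from the network before they are delivered to Tomcat.
# The FORWARD rules apply only to packets routed through this host.
$IPT -A FORWARD -p tcp --destination-port 443 -j ACCEPT
$IPT -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 443 --to-ports 8443
$IPT -A FORWARD -p tcp --destination-port 80 -j ACCEPT
$IPT -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 80 --to-ports 8080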
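
A narrower variant of the redirect above, as an added example that is not part of the original article: it touches only the nat table instead of flushing existing firewall rules, also covers connections made from the host itself (which never pass through PREROUTING), and can be re-run without duplicating rules. The function names and the DRY_RUN switch are assumptions of this example; by default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: nat-only, idempotent port redirect for a non-root Tomcat.
# Function names and DRY_RUN are illustrative, not from the article.
IPT="${IPT:-/sbin/iptables}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only; 0 = apply (needs root)

# valid_port N: succeeds when N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# rule_specs FROM TO: print the nat rule specs, one per line.
# PREROUTING handles traffic arriving from the network; OUTPUT on lo
# handles connections opened on this host to one of its own addresses.
rule_specs() {
    valid_port "$1" && valid_port "$2" || return 1
    # Linux default: ports below 1024 need root, 1024 and up do not.
    [ "$1" -lt 1024 ] && [ "$2" -ge 1024 ] || return 1
    echo "PREROUTING -p tcp --dport $1 -j REDIRECT --to-ports $2"
    echo "OUTPUT -o lo -p tcp --dport $1 -j REDIRECT --to-ports $2"
}

# add_redirect FROM TO: append each rule only if `iptables -C` reports it absent
add_redirect() {
    specs=$(rule_specs "$1" "$2") || { echo "bad port pair: $1 -> $2" >&2; return 1; }
    echo "$specs" | while IFS= read -r spec; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "$IPT -t nat -A $spec"
        elif ! $IPT -t nat -C $spec 2>/dev/null; then
            $IPT -t nat -A $spec
        fi
    done
}

add_redirect 443 8443
add_redirect 80 8080
```

Run it once with the default dry run to review the commands, then as root with DRY_RUN=0 to apply them.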