He's running JBoss... Java apps won't drop privs. Non-root can't bind to 80, so he gets JBoss to bind to 8080 then redirects.
PK
On 2012-10-05, at 12:01 PM, "Tim" ignored_mailbox@yahoo.com.au wrote:
Tim:
Why are you redirecting, though? If there's a block on port 80, then your attempt to get in on port 80 and redirect to port 8080 isn't going work. Which way are you *trying* to redirect?
Mark Space
Just that I understand it's good practice to never run apps as root. If I listen on port 8080 instead of 80, I never have to run the server as root.
Redirecting the port isn't going to change who's running the service, that's configured elsewhere. And, for what it's worth, Apache doesn't run as root, it runs as Apache.
-- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686
Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
On Fri, Oct 05, 2012 at 12:50:30 -0600, Patrick Kobly patrick@kobly.com wrote:
He's running JBoss... Java apps won't drop privs. Non-root can't bind to 80, so he gets JBoss to bind to 8080 then redirects.
Yuck. There are other ways to do that. I think the systemd route is probably the way to do it in current Fedora: http://www.freedesktop.org/software/systemd/man/systemd.socket.html
But inetd or tcp-server (and probably other things) could also be used.
-
Bruno Wolff III -
Patrick Kobly