iptables fubared?
Patrick Kobly
patrick at kobly.com
Fri Oct 5 18:50:30 UTC 2012
He's running JBoss... Java apps won't drop privs. Non-root can't bind to 80, so he gets JBoss to bind to 8080 then redirects.
PK
On 2012-10-05, at 12:01 PM, "Tim" <ignored_mailbox at yahoo.com.au> wrote:
> Tim:
>>> Why are you redirecting, though? If there's a block on port 80, then
>>> your attempt to get in on port 80 and redirect to port 8080 isn't
>>> going work. Which way are you *trying* to redirect?
>>
> Mark Space
>> Just that I understand it's good practice to never run apps as root.
>> If I listen on port 8080 instead of 80, I never have to run the server
>> as root.
>
> Redirecting the port isn't going to change who's running the service,
> that's configured elsewhere. And, for what it's worth, Apache doesn't
> run as root, it runs as Apache.
>
> --
> [tim at localhost ~]$ uname -r
> 2.6.27.25-78.2.56.fc9.i686
>
> Don't send private replies to my address, the mailbox is ignored. I
> read messages from the public lists.
>
>
>
> --
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
More information about the users
mailing list