Non-root user access to privileged ports - Solaris 8

Please let me know how to set up a non-root user to be able to access a privileged port (<1024) on Solaris 8. I am currently running tomcat as the "tomcat" user and I get the following error during startup:

SEVERE: Error initializing endpoint
java.net.BindException: Permission denied<null>:443

The best practice is to use high end ports to run Tomcat. The reason behind this:

Easy access to >1024 ports is only possible with root accounts, which will further create security concerns.

Thanks,
Deepak

You can't, but you can use e.g. sudo so that the user can start tomcat with a privileged port.

Cheers Dyna

Umm, with respect, I'd recommend finding another solution. If you start your tomcat app as root, you grant it a great deal more than just the port it wants. If there's a problem with the app, it's no longer a potential issue just for that app, but now for everything else on the server too.

If you really have to have it on the ssl port, run it on a high port and put in an ssh port forward (or if you have Solaris 10, a native port redirect).

Another option might be to use apache as your ssl webserver with the tomcat plugin to connect back via localhost to your tomcat application.

Another point to consider: What will you do if you want to host some other ssl app on this server?

The best solution would be to migrate to Solaris 10 and use RBAC to grant the net_privaddr privilege to the tomcat user.
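The RBAC suggestion above, as an added example that is not part of the thread: on Solaris 10, running `usermod -K defaultpriv=basic,net_privaddr tomcat` as root records the grant in /etc/user_attr, and the script below audits a file in that format for accounts that hold a given privilege by default. The sample entries and the function name users_with_priv are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits user_attr-format input for
# accounts whose default privilege set includes a given privilege
# (e.g. net_privaddr, which allows binding to ports below 1024).

# Constructed sample in /etc/user_attr layout: user:qualifier:res1:res2:attr
SAMPLE_USER_ATTR='# constructed sample, not a real system file
root::::auths=solaris.*;profiles=All;type=normal
tomcat::::type=normal;defaultpriv=basic,net_privaddr
webadm::::type=normal;defaultpriv=basic,!proc_info
batch::::defaultpriv=basic,net_privaddr,file_dac_read;type=normal
deploy::::type=normal;limitpriv=basic,net_privaddr
ops::::type=normal;defaultpriv=all,!net_privaddr'

# users_with_priv PRIV   (reads user_attr-format text on stdin)
# Prints each account whose defaultpriv list grants PRIV, one per line.
# Assumption: entries are applied left to right, "all" grants everything,
# and a leading "!" or "-" removes a privilege from the set.
users_with_priv() {
    awk -F: -v want="$1" '
        /^[ \t]*#/ || NF < 5 { next }       # skip comments and short lines
        {
            has = 0
            n = split($5, kv, ";")          # attr field: key=value;key=value
            for (i = 1; i <= n; i++) {
                # limitpriv only caps the set, so only defaultpriv counts
                if (index(kv[i], "defaultpriv=") != 1) continue
                m = split(substr(kv[i], 13), p, ",")
                for (j = 1; j <= m; j++) {
                    if (p[j] == want || p[j] == "all") has = 1
                    else if (p[j] == ("!" want) || p[j] == ("-" want)) has = 0
                }
            }
            if (has) print $1
        }'
}

# Stand-alone run on the constructed sample; on a real host the input
# would be /etc/user_attr instead.
printf '%s\n' "$SAMPLE_USER_ATTR" | users_with_priv net_privaddr
```

Any account this reports other than the intended service user can also bind low ports, which is worth reviewing before a second SSL service is added to the host.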

Thank you all for replying and for the suggestions/advice. I will move to Solaris 10.