Configuring Debian or Ubuntu To Run a Servlet Container as Non-Root
Tomcat 6, 7, 8
For recent releases of Debian and Ubuntu the tomcat6
package tomcat<n>
package includes a dependency on the authbind
package and a default authbind
configuration that allows the Tomcat 6 container to bind to ports < 1024 without running the whole JVM as root
user.
To leverage the authbind
configuration edit the Tomcat 6 configuration file /etc/default/tomcat6
and settomcat<n>
and set (at the very end)
Code Block |
---|
AUTHBIND=yes |
See also this Debian Administrator article or check the man page for authbind
.
...
Code Block |
---|
touch /etc/authbind/byport/443 chmod 0755 /etc/authbind/byport/443 chown tomcat6tomcat8:tomcat6tomcat8 /etc/authbind/byport/443 # or tomcat<n>:tomcat<n> for your version |