/
IdPLinuxNonRootDebianUbuntu

The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

IdPLinuxNonRootDebianUbuntu

Owned by skoranda@uwm.edu
Last updated: Sept 18, 2015 by peterVersion comment

Configuring Debian or Ubuntu To Run a Servlet Container as Non-Root

Tomcat 6, 7, 8

For recent releases of Debian and Ubuntu the tomcat<n> package includes a dependency on the authbind package and a default authbind configuration that allows the Tomcat container to bind to ports < 1024 without running the whole JVM as root user.

To leverage the authbind configuration edit the configuration file /etc/default/tomcat<n> and set (at the very end)

AUTHBIND=yes

See this Debian Administrator article or check the man page for authbind.

For example binding to port 443 one would need:

touch /etc/authbind/byport/443
chmod 0755 /etc/authbind/byport/443 
chown tomcat8:tomcat8 /etc/authbind/byport/443 # or tomcat<n>:tomcat<n> for your version

 

 

Related content

IdPLinuxNonRoot
IdPLinuxNonRoot
Shibboleth 2
More like this
ApacheTomcat8
ApacheTomcat8
Identity Provider 3
More like this
Jetty94
Jetty94
Identity Provider 4
More like this
SecurityAndNetworking
SecurityAndNetworking
Identity Provider 4
More like this
SystemRequirements
SystemRequirements
Identity Provider 4
Read with this
Tomcat 10.1
Tomcat 10.1
Identity Provider 5
More like this