Running any user program on low port numbers on *nix systems is generally tricky, as low port numbers are protected and only accessible as the root user.

In the past, jetty’s suggested solution has been to use iptables or ipchains to configure the operating system to forward traffic for port 80 (for example) to port 8080 (for example). Here’s the FAQ entry on how to do that:
http://docs.codehaus.org/display/JETTY/port80

Recently, we decided to make this easier by adding a new feature: you can invoke jetty as the superuser, and once the ports have been opened the userid changes to a non-privileged user, preserving the runtime safety of your system.

This little gem can currently be found in svn trunk and is slated for release in 6.1.0. Look in $jetty.home/extras/setuid for the code and the README on how to build it. As the build requires native libs, there are some system-dependent configurations you have to provide, so there are a couple of steps you have to do manually for the build.
The README.txt file has full instructions, but I’ll reproduce it here to give you the general idea to start you off:

Build

Running Jetty as non-root user on port 80

5 thoughts on “Running Jetty as non-root user on port 80”

  • October 2, 2006 at 2:49 pm

    Bob,
    No immediate plans to do that. Sure you don’t want to upgrade to jetty 6? 🙂

  • October 13, 2006 at 4:29 pm

    We’ve now added another new feature, which is to also be able to set the umask of the executing process. The instructions are the same as before, except with the ability to call org.mortbay.setuid.SetUIDServer.setUmask(int i);

    Building extras/setuid will give you an example jetty-setuid.xml file that you can use to change to whichever umask (and user id) setting you want.

  • September 3, 2007 at 4:35 am

    I’ve got this building fine on linux, but not on solaris with or without -shared…

    $ gcc -I/big/build_home/jdk1.6.0_02/include/
    -I/big/build_home/jdk1.66.0_02/include/solaris/
    src/main/native/org_mortbay_setuid_SetUID.c
    -o libsetuid.so
    Undefined                       first referenced
    symbol                             in file
    main                                /usr/local/lib/gcc-lib/sparc-sun-solaris2.9/3.3.2/crt1.o
    ld: fatal: Symbol referencing errors. No output written to libsetuid.so
    collect2: ld returned 1 exit status
    $ gcc -I/big/build_home/jdk1.6.0_02/include/
    -I/big/build_home/jdk1.66.0_02/include/solaris/
    -shared src/main/native/org_mortbay_setuid_SetUID.c
    -o libsetuid.so
    Text relocation remains                         referenced
    against symbol                  offset      in file
    umask                               0x40        /var/tmp//cc5pafej.o
    setuid                              0x14        /var/tmp//cc5pafej.o
    ld: fatal: relocations remain against allocatable but non-writable sections
    collect2: ld returned 1 exit status
    
    Any hints?
    
