Focus on Sun
Sun Application Server Drop Privs Apr 24 2007 12:11AM
Crist J. Clark (cristclark comcast net) (3 replies)
Re: Sun Application Server Drop Privs Apr 25 2007 12:41PM
haim [howard] roman (roman jct ac il) (1 replies)
Re: Sun Application Server Drop Privs Apr 26 2007 10:54AM
Alexander Klimov (alserkli inbox ru)
RE: Sun Application Server Drop Privs Apr 24 2007 03:41PM
Tony UcedaVelez (tonyuv versprite com)
Have you tried creating a properties file or editing the existing properties
file that contains the environment variables associated with launching the
app server? I know for the Sun Proxy server you can create a properties
page that contains the user that will run the service as well as the ports
to which it will bind. The properties file may be accessed by root, but
privs will be dropped to the user defined within the config file.

Tony UcedaVélez, CISM, CISA, GIAC
Managing Partner
VerSprite, LLC
(office) 678.938.3434
(email) tonyuv (at) versprite (dot) com
(web) www.versprite.com

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of Crist J. Clark
Sent: Monday, April 23, 2007 8:11 PM
To: focus-sun (at) securityfocus (dot) com
Subject: Sun Application Server Drop Privs

We're using Sun Java System Application Server 8.1. I know
the software is designed so it can be run as a non-root user,
but right now, we have to run it as root since it binds to ports
80/tcp and 443/tcp.

I've hit SunSolve, docs.sun.com, and Google, but can't seem to
find out how to get it to drop privs to a non-root user after
grabbing the low-numbered ports. Anyone know how to do this?
I'd rather (a) not have this monster run as root if it doesn't
have to and (b) not have the web app developers have to get a
sys admin to make changes as root for them whenever they want
to tweak some file.
--
Crist J. Clark | cjclark (at) alum.mit (dot) edu
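
Added example, not part of either message above and not Sun's code: the general bind-then-drop pattern the question asks about, written in Python. The account name "appserv", port 80 and the umask value are assumptions for illustration; this does not show any Application Server configuration setting.

```python
import os
import pwd
import socket


def bind_listener(host, port):
    """Open the listening socket; ports below 1024 need root at this point."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(16)
    return sock


def drop_privileges(username):
    """Permanently become `username`; returns the resulting (uid, gid)."""
    pw = pwd.getpwnam(username)          # KeyError if the account is missing
    if pw.pw_uid == 0:
        raise ValueError("refusing to 'drop' to a uid 0 account")
    if os.geteuid() != 0:
        raise PermissionError("not running as root, nothing to drop")
    # Order matters: groups first, then gid, then uid. Once the uid has
    # changed, the process may no longer alter its group memberships.
    os.initgroups(username, pw.pw_gid)   # replace root's supplementary groups
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)                 # as root: real, effective and saved uid
    # Verify the drop is irreversible before serving any request.
    try:
        os.setuid(0)
    except PermissionError:
        pass
    else:
        raise RuntimeError("privilege drop is reversible, aborting")
    os.umask(0o027)                      # assumed policy: no world access
    return os.getuid(), os.getgid()


if __name__ == "__main__":
    # Assumed values: port 80 and a dedicated account named "appserv".
    listener = bind_listener("0.0.0.0", 80)
    uid, gid = drop_privileges("appserv")
    print("listening on", listener.getsockname(), "as uid", uid, "gid", gid)
    # The accept() loop would go here; the socket stays usable after the drop.
    listener.close()
```

The listening socket is opened before the drop and stays valid afterwards, so only the bind itself ever runs with root's uid.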

Re: Sun Application Server Drop Privs Apr 24 2007 03:36PM
Stephen Hauskins (stephen acg ucsc edu)
Copyright 2010, SecurityFocus