On Linux do people chroot a Java Web Application or use IPTables and run as non-root?

Posted by Adam Gent on Stack Overflow
Published on 2010-06-17T15:55:57Z Indexed on 2010/06/17 16:13 UTC

When you run a Java Servlet Container that you would like to serve both static and dynamic content on port 80, you have the classic question of whether to run the server as:

  1. As root in hopefully a chroot jail if you can (haven't gotten this working yet)
  2. As a non-root user and then use IPTables to forward port 80 to some other port (>1024) that the container is running on
  3. Both: As a non-root user, IPTables, and chroot jail.

The problem with opt. 1 is the complexity of chrooting and still the security problems of running root. The problem with opt. 2 is that each Linux distro has a different way of persisting IPTables. Option 3 of course is probably ideal but very hard to set up.

Finally every distro has the annoying differences in daemon scripts.

What do people find as the best distro agnostic solution and are there resources to show how to do this?

© Stack Overflow or respective owner
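
Added example, not part of the original question: option 2 in the list above comes down to a nat-table REDIRECT rule, and the function below emits it in the iptables-save format that `iptables-restore` reads. The ports 80 and 8080 and the function names `is_port` and `gen_redirect_rules` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a ruleset that redirects a privileged port to the
# unprivileged port a non-root servlet container listens on.
# Hypothetical helper names; ports are supplied by the caller.

# is_port N: succeed only if N is a plain decimal integer in 1..65535.
is_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# gen_redirect_rules PUBLIC_PORT APP_PORT
# Prints a nat-table ruleset on stdout; returns 2 or 3 on bad input.
gen_redirect_rules() {
    public_port=$1
    app_port=$2
    if ! is_port "$public_port" || ! is_port "$app_port"; then
        echo "error: ports must be integers in 1..65535" >&2
        return 2
    fi
    # The container runs as non-root, so it can only bind a port above 1023.
    if [ "$app_port" -le 1023 ]; then
        echo "error: app port $app_port is privileged" >&2
        return 3
    fi
    # PREROUTING covers traffic arriving from the network; the OUTPUT rule
    # covers local clients connecting to the public port over loopback.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport $public_port -j REDIRECT --to-ports $app_port
-A OUTPUT -o lo -p tcp -m tcp --dport $public_port -j REDIRECT --to-ports $app_port
COMMIT
EOF
}

# Typical use, as root (not executed here):
#   gen_redirect_rules 80 8080 | iptables-restore --noflush
```

Without `--noflush`, `iptables-restore` replaces the whole nat table, and with it a second run appends duplicate rules. Because the application port is unprivileged, any local user can bind it while the container is down, so restrict local accounts on the host accordingly.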
