On Linux do people chroot a Java Web Application or use IPTables and run as non-root?
Posted
by Adam Gent
on Stack Overflow
See other posts from Stack Overflow
or by Adam Gent
Published on 2010-06-17T15:55:57Z
Indexed on
2010/06/17
16:13 UTC
Read the original article
Hit count: 168
When you run a Java Servlet Container that you would like to serve both static and dynamic content on port 80 you have the classic question of whether to run the server as:
- As root in hopefully a chroot jail if you can (haven't gotten this working yet)
- As a non root user and then use IPTables to forward port 80 to some other port (>1024) that the container is running on
- Both: As a non root user, IPTables, and chroot jail.
The problem with opt. 1 is the complexity of chrooting and still the security problems of running root.The problem with opt. 2 is that each Linux distro has a different way of persisting IPTables. Option 3 of course is probably idea but very hard to setup.
Finally every distro has the annoying differences in daemon scripts.
What do people find as the best distro agnostic solution and are there resources to show how to do this?
© Stack Overflow or respective owner