Using authbind to start Tomcat services as a user on ports below 1024: letting an ordinary Linux user run Tomcat on port 80

Source: Internet
Author: User

Start Tomcat services using authbind. This allows an unprivileged user to bind ports below 1024, so we do not need port redirection or iptables.

apt-get install authbind -y

This installs the authbind software.

chmod -R 755 /etc/authbind

The group should be the user's group.

chown -Rh root:group /etc/authbind

After that, run the commands below.

cd /etc/authbind/byuid

As an example, let's imagine the user ID is 2000; use your own user ID number.

echo '0.0.0.0/0:1,1023' > 2000

That file should be owned by the user and group (user and group below are placeholders for your own).

chown user:group 2000

chmod 700 2000

Add the line below to the Tomcat startup file $CATALINA_BASE/startup.sh:

export JAVA_OPTS="$JAVA_OPTS -Djava.net.preferIPv4Stack=true"

To start Tomcat using authbind, edit the service's startup.sh.

Comment out the line below:

#$CATALINA_HOME/bin/startup.sh

Add this at the end of the file:

AUTHBIND_COMMAND="/usr/bin/authbind --deep /bin/bash -c "
$AUTHBIND_COMMAND $CATALINA_HOME/bin/startup.sh

Now you should be able to start Tomcat services as a user on ports below 1024.
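
The byuid rule in Method One authorises uid 2000 for every port from 1 to 1023 on every address. The following added example (not part of the original article or of authbind itself) evaluates rule files in the addr/length:min,max form used above, so that broad grant can be compared with one narrowed to ports 80 and 443. The function names and sample files are constructed for illustration, and only that one rule form is handled.

```shell
#!/bin/sh
# Added example: evaluate byuid rules of the form addr/length:min,max.
# Function names and sample rule files are constructed for illustration.

# ip2int A.B.C.D -> 32-bit integer on stdout
ip2int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# rule_allows RULE IP PORT -> status 0 if this one rule authorises the bind
rule_allows() {
  local rule="$1" ip="$2" port="$3" net len min max mask
  case $rule in
    *[!0-9./:,]*) return 1 ;;        # unexpected characters (or whitespace)
    *.*.*.*/*:*,*) ;;                # addr/length:min,max
    *) return 1 ;;
  esac
  net=${rule%%/*}; rule=${rule#*/}
  len=${rule%%:*}; rule=${rule#*:}
  min=${rule%%,*}; max=${rule#*,}
  [ -n "$len" ] && [ -n "$min" ] && [ -n "$max" ] || return 1
  mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$ip") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ] || return 1
  [ "$port" -ge "$min" ] && [ "$port" -le "$max" ]
}

# file_allows FILE IP PORT -> status 0 if any line of the rule file matches
file_allows() {
  local line
  while IFS= read -r line || [ -n "$line" ]; do
    rule_allows "$line" "$2" "$3" && return 0
  done <"$1"
  return 1
}

# Constructed sample files: Method One's rule and a narrowed variant.
tmp=$(mktemp -d)
echo '0.0.0.0/0:1,1023' >"$tmp/broad"
printf '0.0.0.0/0:80,80\n0.0.0.0/0:443,443\n' >"$tmp/narrow"
for f in broad narrow; do
  for p in 22 80 443; do
    if file_allows "$tmp/$f" 0.0.0.0 "$p"; then r=allow; else r=deny; fi
    echo "$f rule file, port $p: $r"
  done
done
```

The narrowed file still lets Tomcat bind 80 and 443 but no longer authorises the same uid for any other privileged port.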

Method Two:

http://serverfault.com/questions/615422/tomcat-cannot-change-port-8080-to-80

Method Three:

Running Tomcat on port 80 on Linux
Wednesday, November 2010 18:40 | Author: doma

By default Tomcat's HTTP connector listens on port 8080. Changing to port 80 in a Linux environment can be quite a tricky issue, since by default listening on any port under 1024 requires a privileged user, and for security considerations it is not recommended to run Tomcat with elevated permissions. This article discusses using authbind to achieve this; it also describes how this configuration can be automated, for the sake of creating a script which can be used to initialize a freshly installed Linux instance. This is especially advantageous in Amazon EC2, where we can use this init script to initialize a fresh instance just launched from an AMI; and indeed, for the sake of this article Amazon's "Amazon Linux Image 1.0" is used for testing. Please note that this is a CentOS 5-based Linux distribution; for other distributions there may be slight changes, like replacing "sudo yum install tomcat6" with "sudo apt-get install tomcat6" on Debian-based systems like Ubuntu.

At the end of the article, all the commands are summarized to facilitate one-step configuration.

Installing Tomcat

We'll need the tomcat6 package to run Tomcat's core components, as well as the tomcat6-admin-webapps package, since we'll use Tomcat's Manager application for application deployments, either through Maven's Cargo component or through the web browser. Since we'll compile the authbind application from its sources, we'll also need gcc, the GNU C Compiler package, which contains all components to build an application on Linux. To install all this, grab a terminal and execute:

sudo yum -y install tomcat6 tomcat6-admin-webapps gcc

Usually a web server is started automatically on system boot. This can be achieved by

sudo /sbin/chkconfig --levels 235 tomcat6 on

Listening on ports <1024 in Linux with an unprivileged user

There are several options to achieve this:
- By using authbind, which authorizes specific users to specific ports under 1024
- By using jsvc, a set of libraries and applications for making Java applications run on UNIX more easily (jsvc allows the Tomcat application to perform some privileged operations as root (e.g. bind to a port < 1024), and then switch identity to a non-privileged user.)
- By configuring iptables to re-route the packets from port 80 to 8080

This article describes the authbind approach. But first, let's tell Tomcat to listen on port 80 instead of 8080.

Changing Tomcat's default HTTP port

The default HTTP port is defined in /etc/tomcat6/server.xml:

<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />

We need to change the default port in server.xml to 80. Either replace it by hand, or automatically: to replace the occurrences of port="8080" with port="80", execute the following script:

sudo sed -i 's/port\=\"8080\"/port\=\"80\"/' /etc/tomcat6/server.xml

The same for port 8443, which will be replaced with port 443:

sudo sed -i 's/port\=\"8443\"/port\=\"443\"/' /etc/tomcat6/server.xml

We'll start Tomcat with authbind. This can be achieved by changing Tomcat's init script in /etc/init.d, replacing the line

TOMCAT_SCRIPT="/usr/sbin/tomcat6"

with

TOMCAT_SCRIPT="exec authbind --deep /usr/sbin/tomcat6"

Again, it can be automated like this:

sudo sed -i 's/TOMCAT_SCRIPT=\"\/usr\/sbin\/tomcat6\"/TOMCAT_SCRIPT=\"exec authbind --deep \/usr\/sbin\/tomcat6\"/' /etc/init.d/tomcat6

We have to tell Tomcat to use the IPv4 stack by default. This can be done by appending the line CATALINA_OPTS="-Djava.net.preferIPv4Stack=true" to /etc/tomcat6/tomcat6.conf:

sudo sed -i '$ a\CATALINA_OPTS=\"-Djava\.net\.preferIPv4Stack=true\"\n' /etc/tomcat6/tomcat6.conf

Installing and configuring authbind

authbind is installed the usual way, with the help of gcc and make. Note: for this step to succeed, the gcc package is needed. It was already installed with the command sudo yum install gcc earlier, when Tomcat was installed.

cd ~
wget http://ftp.debian.org/debian/pool/main/a/authbind/authbind_2.1.1.tar.gz
tar xvzf authbind_2.1.1.tar.gz
cd authbind-2.1.1
make
sudo make install

authbind is configured with some special files, to which we can assign arbitrary permissions for the users we want to give access to. Since Tomcat is running as the tomcat user, we'll tell authbind to allow connections to the HTTP port 80 and the HTTPS port 443 for this account:

sudo touch /etc/authbind/byport/80
sudo chmod 500 /etc/authbind/byport/80
sudo chown tomcat /etc/authbind/byport/80
sudo touch /etc/authbind/byport/443
sudo chmod 500 /etc/authbind/byport/443
sudo chown tomcat /etc/authbind/byport/443
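
authbind authorises a bind when the calling user is able to execute the matching byport file, which is why the files above are mode 500 and owned by tomcat. The following added example (not part of the original article) audits a byport directory for files with an unexpected owner or with group/other execute bits; the function name is hypothetical, the demo directory is constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit an authbind byport directory.
# A bind is authorised when the calling user may execute byport/PORT, so an
# execute bit for group or other widens the grant beyond the file's owner.

# audit_byport DIR EXPECTED_UID -> one finding per line; status 1 if any found
audit_byport() {
  local dir="$1" want="$2" f port mode owner bad=0
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    port=${f##*/}
    mode=$(stat -c %a "$f")     # GNU stat: permission bits in octal
    owner=$(stat -c %u "$f")    # GNU stat: numeric owner uid
    if [ "$owner" != "$want" ]; then
      echo "port $port: owned by uid $owner, expected uid $want"
      bad=1
    fi
    if [ $(( 0$mode & 011 )) -ne 0 ]; then
      echo "port $port: mode $mode lets group/other users bind"
      bad=1
    fi
  done
  return $bad
}

# Constructed demo directory standing in for /etc/authbind/byport:
# 80 is set up as in the article, 443 is deliberately too permissive.
demo=$(mktemp -d)
touch "$demo/80" "$demo/443"
chmod 500 "$demo/80"
chmod 755 "$demo/443"
audit_byport "$demo" "$(id -u)" || echo "findings above need fixing"
```

On a real host the call would be audit_byport /etc/authbind/byport "$(id -u tomcat)".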

For the changes to take effect, Tomcat has to be restarted:

sudo /etc/init.d/tomcat6 restart

To see if there are any errors, the Tomcat log can be consulted:

less -s /var/log/tomcat6/catalina.out

The whole script

Here is the whole script which automates all this:

sudo sed -i 's/port\=\"8080\"/port\=\"80\"/' /etc/tomcat6/server.xml
sudo sed -i 's/port\=\"8443\"/port\=\"443\"/' /etc/tomcat6/server.xml
sudo sed -i 's/TOMCAT_SCRIPT=\"\/usr\/sbin\/tomcat6\"/TOMCAT_SCRIPT=\"exec authbind --deep \/usr\/sbin\/tomcat6\"/' /etc/init.d/tomcat6
sudo sed -i '$ a\CATALINA_OPTS=\"-Djava\.net\.preferIPv4Stack=true\"\n' /etc/tomcat6/tomcat6.conf
cd ~
wget http://ftp.debian.org/debian/pool/main/a/authbind/authbind_2.1.1.tar.gz
tar xvzf authbind_2.1.1.tar.gz
cd authbind-2.1.1
make
sudo make install
sudo touch /etc/authbind/byport/80
sudo chmod 500 /etc/authbind/byport/80
sudo chown tomcat /etc/authbind/byport/80
sudo touch /etc/authbind/byport/443
sudo chmod 500 /etc/authbind/byport/443
sudo chown tomcat /etc/authbind/byport/443
sudo /sbin/chkconfig --levels 235 tomcat6 on
sudo /etc/init.d/tomcat6 restart
cd ~
http://netthink.com/?p=362
