一尘不染

在CentOS版本5.5(最终版)的80端口上启动tomcat

tomcat

我想在端口80上启动Tomcat 6.0.29。我的操作系统是CentOS版本5.5(最终版),我在$ TOMCAT_HOME / conf /
server.xml中更改了以下行

<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>

<Connector connectionTimeout="20000" port="80" protocol="HTTP/1.1" redirectPort="8443"/>

然后我运行命令:

sudo /etc/init.d/tomcat6 start

在文件$ TOMCAT_HOME / logs / catalina.log中,我发现了以下异常:

java.net.BindException: Permission denied <null>:80
    at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:549)
    at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
    at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
    at org.apache.catalina.connector.Connector.start(Connector.java:1087)
    at org.apache.catalina.core.StandardService.start(StandardService.java:534)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.net.BindException: Permission denied
    at java.net.PlainSocketImpl.socketBind(Native Method)
    at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:365)
    at java.net.ServerSocket.bind(ServerSocket.java:319)
    at java.net.ServerSocket.<init>(ServerSocket.java:185)
    at java.net.ServerSocket.<init>(ServerSocket.java:141)
    at org.apache.tomcat.util.net.DefaultServerSocketFactory.createSocket(DefaultServerSocketFactory.java:50)
    at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
    ... 12 more
0:11:56 org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException:  service.getName(): "Catalina";  Protocol handler start failed: `java.net.BindException: Permission denied <null>:80
    at org.apache.catalina.connector.Connector.start(Connector.java:1094)
    at org.apache.catalina.core.StandardService.start(StandardService.java:534)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
0:11:56 org.apache.catalina.startup.Catalina start`

提前致谢


阅读 154

收藏
2020-06-16

共1个答案

一尘不染

1-1023范围内的端口具有特权。只允许root绑定到它们。

至少有两种方法可以解决此问题:

  • 以root身份运行。当然,您需要权衡由此推断出的额外安全风险;Tomcat本身(我相信很少)和Web应用程序包含的安全漏洞(例如,可能导致人们读取/ etc / shadow作为示例)中的两个安全漏洞,与此相反,这很简单明了。

  • 使用jsvc作为服务运行。有关jsvc的详细信息,请参见http://tomcat.apache.org/tomcat-5.5-doc/setup.html。设置起来有些麻烦,但是root只参与设置端口,然后Tomcat将以没有特殊权限的用户身份运行。对于任何严肃的设置,我都建议这样做。

无论选择哪种方式,Tomcat的实际启动都将需要root特权。

/// BR,JenEriC

2020-06-16