在 CentOS 版本 5.5 (Final) 上在端口 80 上启动 tomcat [英] starting tomcat on port 80 on CentOS release 5.5 (Final)
问题描述
我想在端口 80 上启动 Tomcat 6.0.29.我的操作系统是 CentOS release 5.5 (Final)我在 $TOMCAT_HOME/conf/server.xml 中更改了以下行
I want to start Tomcat 6.0.29 on port 80. My OS is CentOS release 5.5 (Final) I changed following line in $TOMCAT_HOME/conf/server.xml
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
到
<Connector connectionTimeout="20000" port="80" protocol="HTTP/1.1" redirectPort="8443"/>
然后我运行命令:
sudo /etc/init.d/tomcat6 start
在文件 $TOMCAT_HOME/logs/catalina.log 中我发现了这样的异常:
In file $TOMCAT_HOME/logs/catalina.log I found such exceptions:
java.net.BindException: Permission denied <null>:80
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:549)
at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
at org.apache.catalina.connector.Connector.start(Connector.java:1087)
at org.apache.catalina.core.StandardService.start(StandardService.java:534)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.net.BindException: Permission denied
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:365)
at java.net.ServerSocket.bind(ServerSocket.java:319)
at java.net.ServerSocket.<init>(ServerSocket.java:185)
at java.net.ServerSocket.<init>(ServerSocket.java:141)
at org.apache.tomcat.util.net.DefaultServerSocketFactory.createSocket(DefaultServerSocketFactory.java:50)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
... 12 more
0:11:56 org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: `java.net.BindException: Permission denied <null>:80
at org.apache.catalina.connector.Connector.start(Connector.java:1094)
at org.apache.catalina.core.StandardService.start(StandardService.java:534)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
0:11:56 org.apache.catalina.startup.Catalina start`
提前致谢
推荐答案
1-1023 范围内的端口是特权端口.只允许 root 绑定到它们.
The ports in the range 1-1023 are privileged. Only root is allowed to bind to them.
至少有两种方法可以解决这个问题:
There is at least two ways to solve this:
以 root 身份运行.当然,您需要权衡由此推断出的额外安全风险;Tomcat 本身的安全漏洞(我相信很少)和您的 Web 应用程序包含的安全漏洞(例如,这可能导致人们阅读/etc/shadow 作为示例),而这是简单而直接的.
Run as root. You need to weight the extra security risks this infers, of course; both security holes in Tomcat itself (which I believe to be few) and those your web applications contains (which can for example lead to letting people read /etc/shadow as an example), against this being simple and straight-forward.
使用 jsvc 作为服务运行.请参阅 http://tomcat.apache.org/tomcat-5.5-doc/setup.html 了解有关 jsvc 的详细信息.设置起来有些麻烦,但root只参与设置端口,然后Tomcat将以没有特殊权限的用户身份运行.我建议将其用于任何严肃的设置.
Run as service with jsvc. See http://tomcat.apache.org/tomcat-5.5-doc/setup.html for details on jsvc. It is some extra hassle to setup, but root will only be involved in setting up the ports, Tomcat will then run as a user without special rights. I recommend this for any serious setup.
无论你选择哪种方式,Tomcat的实际启动都需要root权限.
Regardless on what way you choose, the actual starting of Tomcat will need root privilegies.
///BR,詹埃里克
这篇关于在 CentOS 版本 5.5 (Final) 上在端口 80 上启动 tomcat的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
