...

  • UMASK with the umask setting you want the process to have, or optionally remove this line if you don't want to change this at runtime
  • USERID with the id of the user you want the process to execute as once the ports have been opened.
    Hint: For your convenience, you'll find one of these ready made in $jetty.home/extras/setuid/etc/jetty-setuid.xml.

    Then, you need to build the setuid feature for your operating system, as it requires native libraries. Go to the $jetty.home/extras/setuid directory and follow the instructions in the README.txt file, summarized here as:
    
    > mvn install
    
    > gcc -I$JDK_HOME/include/ -I$JDK_HOME/include/linux/  \
         -shared src/main/native/org_mortbay_setuid_SetUID.c \
         -o ../../lib/ext/libsetuid.so
    
    > cp target/jetty-setuid-6.1-SNAPSHOT.jar ../../lib/ext/
    > cp etc/jetty-setuid.xml ../../etc
    
    Where:
  • $JDK_HOME is the same as $JAVA_HOME
  • linux should be replaced by the name of your operating system.
    Warning (On Solaris): Leave out the -shared argument.

    Then, to run Jetty as the root user and have it switch to the userid of your choice (and set the umask of your choice, if you chose to do that), run:

...

  • sudo java -Djava.library.path=lib/ext -jar start.jar etc/jetty-setuid.xml etc/jetty.xml
    
    Note! You must ensure that the etc/jetty-setuid.xml file is first in the list of config files.
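
A check to run once Jetty has been started this way, added here as an example and not part of the Jetty distribution: it confirms that the process really gave up root, including the saved set-user-ID that would otherwise let it switch back. It assumes Linux, where /proc/<pid>/status has a line `Uid: <real> <effective> <saved-set> <filesystem>`; the function names, the sample data and UID 1001 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Jetty code. Assumes the Linux /proc/<pid>/status format.

# uid_fully_dropped STATUS_FILE EXPECTED_UID
#   STATUS_FILE  path to /proc/<pid>/status (or a saved copy of it)
#   EXPECTED_UID numeric id configured as USERID in jetty-setuid.xml
# Returns 0 only if the real, effective, saved-set and filesystem UIDs all
# equal EXPECTED_UID. Returns 1 if any of them differs, 2 on bad arguments
# (unreadable file, non-numeric UID, or an expected UID of 0).
uid_fully_dropped() {
    [ -r "$1" ] || return 2
    case "$2" in ''|*[!0-9]*|0) return 2 ;; esac
    awk -v want="$2" '
        $1 == "Uid:" {
            seen = 1
            if (NF != 5) bad = 1              # label + four ids expected
            for (i = 2; i <= NF; i++)
                if ($i != want) bad = 1       # any leftover id fails the check
        }
        END { if (seen && !bad) exit 0; exit 1 }
    ' "$1"
}

# Constructed sample: every UID switched to 1001 (what a full drop looks like).
demo_full() {
    printf 'Name:\tjava\nUid:\t1001\t1001\t1001\t1001\nGid:\t0\t0\t0\t0\n'
}

# Constructed sample: only the effective and filesystem UIDs changed; the real
# and saved UIDs are still 0, so the process could regain root.
demo_partial() {
    printf 'Name:\tjava\nUid:\t0\t1001\t0\t1001\nGid:\t0\t0\t0\t0\n'
}

# Typical use against a live process (the pid lookup is left to the operator):
#   uid_fully_dropped "/proc/$PID/status" 1001 && echo "running unprivileged"
```

The check looks only at the user ids because USERID and UMASK are the only settings described here; the group ids of the process are not examined.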

Using ipchains

On some Linux systems the ipchains REDIRECT mechanism can be used to redirect from one port to another inside the kernel:

  /sbin/ipchains -I input --proto TCP --dport 80 -j REDIRECT 8080

...

You need to add something like the following to the startup scripts or your firewall rules:

  /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

...

On Solaris 10 (maybe earlier versions too) the OS allows you to grant "normal" users the privilege to bind to privileged ports:

  usermod -K defaultpriv=basic,net_privaddr myself

...
